IPSec (roadwarrior) + VLANs
I have a working IPSec configuration on my pfSense for several years now, and I can use it from my phone or laptop to connect to the home network from other places.

My internal LAN network is the 10.0.0.0/24 net, but recently I've added 3 VLANs:

    *** Welcome to pfSense 2.4.4-RELEASE-p3 (arm64) on aeon ***

     WAN (wan)       -> mvneta0.4090 -> v4: 192.168.0.3/24
     LAN (lan)       -> mvneta0.4091 -> v4: 10.0.0.1/24
     IOT (opt1)      -> mvneta0.50 -> v4: 10.0.50.1/24
     PRIV (opt2)     -> mvneta0.60 -> v4: 10.0.60.1/24
     GUEST (opt3)    -> mvneta0.70 -> v4: 10.0.70.1/24

Now, I can still connect to the IPSec VPN; however, it still only lets me access the LAN net and none of the VLANs. I've tried googling for solutions; however, I can't seem to find the obvious missing configuration which I have to add in order to make it work. When connected to the network directly w/o VPN (ethernet, wifi), I can access all of the VLANs without issues.

I tried adding another phase 2 entry with the IOT net as local subnet, but it didn't help:
Also, there are no firewall rules on the IPSec interface which would prevent traffic to the IOT net:

What do I have to adjust in order to be able to access one of the VLANs from remote when using the IPSec VPN?
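The phase 2 "local network" of a mobile IPSec tunnel is the traffic selector the router installs for the client: a remote client can only reach destinations that fall inside at least one installed selector, regardless of how open the firewall rules on the IPSec interface are. The following diagnostic is an added example, not code from the post or from pfSense. It parses the console interface listing quoted above (embedded here as constructed input) and reports which internal subnets lie outside every phase 2 local network in a given list, so the gap between "LAN works" and "VLANs don't" can be checked mechanically. The selector lists passed to it are hypothetical configurations, not the poster's actual phase 2 entries.

```python
import ipaddress
import re

# Constructed input: the pfSense console interface listing quoted in the post.
PFSENSE_BANNER = """\
 WAN (wan)       -> mvneta0.4090 -> v4: 192.168.0.3/24
 LAN (lan)       -> mvneta0.4091 -> v4: 10.0.0.1/24
 IOT (opt1)      -> mvneta0.50 -> v4: 10.0.50.1/24
 PRIV (opt2)     -> mvneta0.60 -> v4: 10.0.60.1/24
 GUEST (opt3)    -> mvneta0.70 -> v4: 10.0.70.1/24
"""

# One console line: "<DESC> (<ifname>) -> <device> -> v4: <addr>/<prefix>"
LINE_RE = re.compile(r"^\s*(\S+)\s+\((\w+)\)\s+->\s+\S+\s+->\s+v4:\s+(\S+)\s*$")


def parse_interfaces(banner: str) -> dict:
    """Return {description: IPv4Network} for every internal interface.

    The WAN entry is skipped: it carries the tunnel's outer address and is
    not a network the VPN is meant to expose.
    """
    nets = {}
    for line in banner.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        desc, ifname, addr = m.groups()
        if ifname == "wan":
            continue
        # strict=False turns the interface address (10.0.50.1/24)
        # into the network it belongs to (10.0.50.0/24).
        nets[desc] = ipaddress.ip_network(addr, strict=False)
    return nets


def uncovered_subnets(interfaces: dict, local_networks: list) -> list:
    """Names of interfaces whose subnet lies inside none of the phase 2
    local networks (traffic selectors) in local_networks."""
    selectors = [ipaddress.ip_network(s) for s in local_networks]
    return [
        name
        for name, net in interfaces.items()
        if not any(net.subnet_of(sel) for sel in selectors)
    ]


def report(local_networks: list) -> dict:
    """Map each hypothetical phase 2 local network list to the VLANs it misses."""
    nets = parse_interfaces(PFSENSE_BANNER)
    return {", ".join(local_networks): uncovered_subnets(nets, local_networks)}


if __name__ == "__main__":
    # Hypothetical phase 2 configurations, from the LAN-only one described
    # in the post to a single summary selector covering every 10.0.x.0/24.
    for cfg in (["10.0.0.0/24"],
                ["10.0.0.0/24", "10.0.50.0/24"],
                ["10.0.0.0/16"]):
        for selectors, missing in report(cfg).items():
            print(f"phase 2 local networks [{selectors}] -> unreachable: {missing or 'none'}")
```

Running it shows that a LAN-only selector leaves IOT, PRIV and GUEST unreachable, that adding a second phase 2 for IOT only removes IOT from the list, and that a single summary selector such as 10.0.0.0/16 covers all four networks. The summary form is worth knowing because not every mobile client installs more than one phase 2 selector, so an extra entry that looks correct on the router may never take effect on the client side.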
