IPSec (roadwarrior) + VLANs

  • I have had a working IPSec configuration on my pfSense for several years now, and I can use it from my phone or laptop to connect to the home network from other places.

    My internal LAN network is the net, but recently, I've added 3 VLANs:

    *** Welcome to pfSense 2.4.4-RELEASE-p3 (arm64) on aeon ***
     WAN (wan)       -> mvneta0.4090 -> v4:
     LAN (lan)       -> mvneta0.4091 -> v4:
     IOT (opt1)      -> mvneta0.50 -> v4:
     PRIV (opt2)     -> mvneta0.60 -> v4:
     GUEST (opt3)    -> mvneta0.70 -> v4:

    Now, I can still connect to the IPSec VPN, however it only lets me access the LAN net, none of the VLANs. I've tried googling for solutions, but I can't seem to find the obvious missing configuration which I have to add in order to make it work. When connected to the network directly without VPN (ethernet, wifi), I can access all of the VLANs without issues.

    I tried adding another phase 2 entry with the IOT net as local subnet, but it didn't help:

    [screenshot of the phase 2 entry]

    Also, there are no firewall rules on the IPSec interface which would prevent traffic to the IOT net.

    What do I have to adjust in order to be able to access one of the VLANs from remote when using the IPSec VPN?
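    A diagnostic that goes with this question, added here and not part of the original post or of pfSense itself. One frequently reported cause of "only the first phase 2 works" with mobile IKEv2 clients is that the client installs a single traffic selector per child SA, so whatever the installed SA negotiated as its local side is all the tunnel will carry, regardless of how many phase 2 entries exist. The script below parses the child-SA lines of strongSwan's `ipsec statusall` output (what pfSense 2.4.x runs underneath Status > IPsec), reports which internal networks the installed SA actually covers, and computes the smallest single prefix that would cover LAN plus all VLANs as a phase 2 local network. The subnets in INTERNAL_NETS and the SAMPLE_STATUS text are constructed placeholders (the post's addresses were redacted); run it against real output with `ipsec statusall` piped in.

```python
"""Which internal networks does a roadwarrior IPsec child SA really cover?

Added example, not code from the original post or from pfSense. The subnets
below are assumed placeholders for the poster's LAN and VLANs, and the
SAMPLE_STATUS text is constructed to mimic the child-SA lines that strongSwan's
`ipsec statusall` prints.
"""
import ipaddress
import re
import sys
from typing import Dict, Iterable, List, Tuple

Net = ipaddress.IPv4Network

# Assumed subnets standing in for the post's LAN and the three VLANs.
INTERNAL_NETS: Dict[str, str] = {
    "LAN": "192.168.1.0/24",
    "IOT": "192.168.50.0/24",
    "PRIV": "192.168.60.0/24",
    "GUEST": "192.168.70.0/24",
}

# Constructed sample: one mobile client, one installed child SA whose
# local traffic selector is only the LAN network.
SAMPLE_STATUS = """\
Security Associations (1 up, 0 connecting):
con-mobile[3]: ESTABLISHED 12 minutes ago, 203.0.113.10[203.0.113.10]...198.51.100.7[user@example.org]
con-mobile{5}:  INSTALLED, TUNNEL, reqid 2, ESP in UDP SPIs: c6d1e2f3_i 0a1b2c3d_o
con-mobile{5}:  AES_CBC_256/HMAC_SHA2_256_128, 10240 bytes_i, 20480 bytes_o, rekeying in 40 minutes
con-mobile{5}:   192.168.1.0/24 === 10.10.10.2/32
"""

# Installed child SAs are printed as `name{N}:   local-TS... === remote-TS...`;
# several selectors on one side are separated by spaces. The `{N}` requirement
# deliberately skips the configured-but-not-installed lines in the
# "Connections:" section, which use `name:` without braces.
TS_LINE = re.compile(r"^\S+\{\d+\}:\s+(?P<local>[^=]+?)\s+===\s+(?P<remote>.+?)\s*$")


def parse_traffic_selectors(status: str) -> List[Tuple[List[Net], List[Net]]]:
    """Return (local_selectors, remote_selectors) for every installed child SA."""
    sas = []
    for line in status.splitlines():
        m = TS_LINE.match(line)
        if not m:
            continue
        local = [ipaddress.ip_network(s) for s in m.group("local").split()]
        remote = [ipaddress.ip_network(s) for s in m.group("remote").split()]
        sas.append((local, remote))
    return sas


def is_reachable(status: str, dest: str) -> bool:
    """True if some installed child SA has a local selector covering dest."""
    addr = ipaddress.ip_address(dest)
    return any(addr in net for local, _ in parse_traffic_selectors(status) for net in local)


def uncovered_nets(status: str, nets: Dict[str, str]) -> List[str]:
    """Names of internal networks that no installed child SA carries traffic for."""
    have = [net for local, _ in parse_traffic_selectors(status) for net in local]
    return [name for name, cidr in nets.items()
            if not any(ipaddress.ip_network(cidr).subnet_of(h) for h in have)]


def covering_supernet(cidrs: Iterable[str]) -> Net:
    """Smallest single prefix containing every given network.

    Candidate for a single phase 2 local network when the client only installs
    one traffic selector (0.0.0.0/0 is the full-tunnel alternative).
    """
    nets = [ipaddress.ip_network(c) for c in cidrs]
    candidate = nets[0]
    while candidate.prefixlen > 0 and not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


if __name__ == "__main__":
    # Use real output with:  ipsec statusall | python3 this_script.py
    status = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_STATUS
    for name, cidr in INTERNAL_NETS.items():
        probe = str(next(ipaddress.ip_network(cidr).hosts()))
        print(f"{name:5} {cidr:18} reachable over the VPN: {is_reachable(status, probe)}")
    missing = uncovered_nets(status, INTERNAL_NETS)
    if missing:
        print("Not in any installed traffic selector:", ", ".join(missing))
        print("Single phase 2 local network covering everything:",
              covering_supernet(INTERNAL_NETS.values()))
```

    If the installed SA lists only the LAN prefix left of `===`, the extra phase 2 entries never made it into a traffic selector and the firewall rules on the IPsec interface are not what is blocking the VLANs. Whether to widen the local network to the computed supernet or to 0.0.0.0/0 is a policy choice; the supernet keeps the client's other traffic off the tunnel.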

