IPSec VPN not really working
-
Hi everyone,
I recently switched to pfSense and now wanted to setup an IPSec VPN for mobile Devices (mainly iOS).
I came across those two guides I followed:IKEv2 Server Config
IKEv2 iOS ConfigEverything worked fine. My test device (iPhone) can establish a connection and gets an IPv4 within 192.168.100.0/24 as configured (my LAN is within 192.168.1.0/24).
I can also see the working connection in Status -> IPSec.Here comes the problem:
- When I check a random site to determine my current public IP (like https://www.whatismyip.com) it still shows my IP I have via LTE and not my WAN IP of the pfSense box. So basically the traffic is not routed via the VPN.
- When I try to reach a random machine within my home network via IP or hostname (like 192.168.1.3) I'm running into a timeout.
It seams like I have a VPN tunnel established but nothing gets routed over it.
What am I missing here? Probably something obvious (sorry for that...). I followed the guides step by step and only modified the hostname of the server and also the IP ranges.Any help/advice is appreciated!
-
Ok, what I found out so far:
It seams like that there were no firewall rules added IPSec at all. When I manually allow EPS and UDP 500/4500 and also allow * from IPSec to *, then the connection is working.BUT: "System" -> "Advanced" -> "Disable Auto-added VPN Rules" is not checked.
Why am I forced to add the mentioned firewall rules by hand?
Even though it works right now, it doesn't feel comfortable...
What's going wrong here?Btw: pfSense version is 2.4.5-RELEASE-p1
-
After even more investigation:
Seams like the rules from WAN to pfSense where in place and effective. But what was missing: An allow rule from IPSec to the LAN. Is this "works as designed"? Even the DNS (the pfSense itself) was not reachable...