    IPSec VPN not really working

      b_chris last edited by b_chris

      Hi everyone,
      I recently switched to pfSense and now wanted to set up an IPSec VPN for mobile devices (mainly iOS).
      I came across these two guides, which I followed:

      IKEv2 Server Config
      IKEv2 iOS Config

      Everything worked fine. My test device (iPhone) can establish a connection and gets an IPv4 within 192.168.100.0/24 as configured (my LAN is within 192.168.1.0/24).
      I can also see the working connection in Status -> IPSec.

      Here comes the problem:

      • When I check a random site to determine my current public IP (like https://www.whatismyip.com) it still shows the IP I have via LTE and not the WAN IP of the pfSense box. So basically the traffic is not routed via the VPN.
      • When I try to reach a random machine within my home network via IP or hostname (like 192.168.1.3) I'm running into a timeout.

      It seems like I have a VPN tunnel established but nothing gets routed over it.
      What am I missing here? Probably something obvious (sorry for that...). I followed the guides step by step and only modified the hostname of the server and also the IP ranges.

      Any help/advice is appreciated!

        b_chris @b_chris last edited by b_chris

        Ok, what I found out so far:
        It seems like there were no firewall rules added for IPSec at all. When I manually allow ESP and UDP 500/4500 and also allow * from IPSec to *, then the connection is working.

        BUT: "System" -> "Advanced" -> "Disable Auto-added VPN Rules" is not checked.
        Why am I forced to add the mentioned firewall rules by hand?
        Even though it works right now, it doesn't feel comfortable...
        What's going wrong here?

        Btw: pfSense version is 2.4.5-RELEASE-p1

          b_chris @b_chris last edited by

          After even more investigation:
          Seems like the rules from WAN to pfSense were in place and effective. But what was missing: an allow rule from IPSec to the LAN. Is this "works as designed"? Even the DNS (the pfSense itself) was not reachable...

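As an added example (not code from the thread or from pfSense itself), a small Python audit over constructed `pfctl -sr` output that separates the two things the posts above run together: the WAN rules that let IKE (UDP 500/4500) and ESP reach the firewall, and the separate pass rule needed on the IPsec interface for decrypted traffic to reach the LAN. The interface names (WAN em0, IPsec enc0), the WAN address and the rule labels are assumptions; it also flags the any-to-any IPsec rule from the second post, since a rule limited to the mobile pool and the LAN is all the last post's fix needs.

```python
"""Audit `pfctl -sr` output from pfSense for a mobile IPsec setup.

WAN rules only let IKE (UDP 500/4500) and ESP reach the firewall; decrypted
traffic is filtered again on the IPsec interface (enc0), so without a pass
rule there the tunnel comes up but carries nothing.  Sample rules are constructed.
"""
import ipaddress
import re

# Constructed sample: WAN em0 at 203.0.113.10, any-to-any user rule on enc0.
SAMPLE_RULES = """\
pass in quick on em0 inet proto udp from any to 203.0.113.10 port = 500 keep state label "IPsec inbound isakmp"
pass in quick on em0 inet proto udp from any to 203.0.113.10 port = 4500 keep state label "IPsec inbound nat-t"
pass in quick on em0 inet proto esp from any to 203.0.113.10 keep state label "IPsec inbound esp"
pass in quick on enc0 inet from any to any flags S/SA keep state label "USER_RULE: allow all from IPsec"
"""
# Same rule set with the IPsec rule narrowed to mobile pool -> LAN (a full
# tunnel would instead widen the destination, but keep the source restricted).
HARDENED_RULES = SAMPLE_RULES.replace(
    "from any to any flags", "from 192.168.100.0/24 to 192.168.1.0/24 flags")
RULE_RE = re.compile(
    r'^pass in(?: quick)? on (?P<iface>\S+) .*?(?:proto (?P<proto>\w+) )?'
    r'from (?P<src>\S+) to (?P<dst>\S+)(?: port = (?P<port>\d+))?.*?'
    r'(?:label "(?P<label>[^"]*)")?$')

def parse_rules(text):
    """One dict per 'pass in' rule; other lines (block, pass out, ...) are ignored."""
    return [m.groupdict() for m in map(RULE_RE.match, text.splitlines()) if m]

def covers(spec, net):
    """True if a pf address spec ('any', a host or a CIDR) contains all of net."""
    if spec == "any":
        return True
    try:
        return net.subnet_of(ipaddress.ip_network(spec, strict=False))
    except ValueError:  # tables, aliases and (self) are not resolved here
        return False

def audit_ipsec_rules(text, wan, ipsec_iface, mobile_pool, lan):
    """Answer separately: can the tunnel be built, and can pool traffic reach the LAN?"""
    pool, lan = ipaddress.ip_network(mobile_pool), ipaddress.ip_network(lan)
    rules = parse_rules(text)
    wan_rules = [r for r in rules if r["iface"] == wan]
    ike = {r["port"] for r in wan_rules if r["proto"] == "udp"} >= {"500", "4500"}
    esp = any(r["proto"] == "esp" for r in wan_rules)
    enc = [r for r in rules if r["iface"] == ipsec_iface]
    return {
        "tunnel_setup_allowed": ike and esp,
        "pool_to_lan_allowed": any(covers(r["src"], pool) and covers(r["dst"], lan) for r in enc),
        # least privilege: an any-to-any rule on the IPsec tab is wider than needed
        "overbroad": [r["label"] for r in enc if r["src"] == "any" and r["dst"] == "any"],
    }
```

On a real box, feed it the output of `pfctl -sr` and your own interface names; a tunnel that shows as established in Status -> IPSec while `pool_to_lan_allowed` is False is exactly the symptom described in this thread.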