Access from WLAN on the VPN connection
-
First I thought a bridge from the WLAN (OPT1) to the LAN should solve the problem that I can't access from WLAN to the VPN (IPsec) between LAN and the external network which is connected over VPN. This doesn't work. I solved (because of a helpful hand here in the forum) the DHCP problem in bridge mode; I get an IP number from the DHCP of the LAN port but no access to the VPN. Access to the Internet and all servers/clients on the LAN port is OK.
So I try it the other way round and have no solution until now.
The LAN is on the following subnet: 10.10.3.0/24 and the WLAN on 10.10.5.0/24. I have an IPsec VPN between the LAN and an external network 10.10.1.0/24. Access from clients on the LAN port to this external network is OK. It has been stable for 3 days. But I can't find a way to connect from WLAN to this VPN connection. (Access to the internet and LAN is OK.) I tried several possibilities and nothing works. Maybe someone has a good idea for this problem. Thanks for taking some time to answer.
Sigma
-
Does no one have an idea on this subject? I tried several things without success. Would be great if this works.
Sigma
-
Hi Sigma,
Have you tried creating a firewall rule so that it passes traffic through your WLAN (Opt1) interface from your LAN interface? Like allow any source port, source IP, dest IP, dest port, in the Opt1 interface to LAN. If you can get to your VPN from the LAN interface then you should be able to (like a WiFi interface) create the rule to allow traffic to pass into the LAN. Not too sure if it would work that way, but have a go.
– Linkage Oracle
-
Thanks for the answer. I tried several things with the rules. All traffic should be possible between LAN and WLAN. As I wrote, no problem with access to the internet or devices on the LAN port from the WLAN side. Also no problem connecting from the LAN side to remote devices over VPN. But not from WLAN. Maybe I have to set a special gateway or something like that. I have no ideas.
Sigma
-
This thread was early in the "1.2.3-PRERELEASE-TESTING snapshots" and was moved to "ipsec". But the problem has something to do with the beta version.
Today I took the newest snapshot: pfSense-1.2.3-2g-20090713-1349-nanobsd.img.gz
I can't access the VPN if I have a separate subnet on the WLAN port. But if I bridge the WLAN port to the LAN port it works. Also the DHCP works fine now without any special settings. This "state" is OK for me. In earlier snapshots (some days ago) this wouldn't work.
But I'm interested to know why it doesn't work if the WLAN is on another subnet. Routing?
Sigma
-
I'm completely overtired right now, so maybe I'm getting this wrong, but wouldn't you need to create a parallel tunnel to the wireless subnet, so the tunnel could reach both subnets? (when they are not bridged) As an alternative, you could change your side to 10.10.0.0/21 to encompass both subnets.
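Added example, not part of the thread or of pfSense: a Python model of how a policy-based IPsec tunnel selects traffic by source and destination subnet, run against the subnets given in the thread for the current setup, a parallel selector pair, and a single widened local network. The host addresses and all function names are assumptions made for illustration.

```python
import ipaddress as ipa

# Subnets taken from the thread.
LAN = ipa.ip_network("10.10.3.0/24")
WLAN = ipa.ip_network("10.10.5.0/24")
REMOTE = ipa.ip_network("10.10.1.0/24")

# An IPsec phase 2 policy modelled as a (local, remote) selector pair.
CURRENT = [(LAN, REMOTE)]
PARALLEL = CURRENT + [(WLAN, REMOTE)]   # second selector pair for the WLAN


def tunnelled(policies, src, dst):
    """True if a packet src -> dst falls inside any selector pair."""
    s, d = ipa.ip_address(src), ipa.ip_address(dst)
    return any(s in local and d in remote for local, remote in policies)


def smallest_supernet(nets):
    """Smallest single prefix that contains every network in nets."""
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()
    return cover


def report():
    """Evaluate the three setups discussed in the thread."""
    wide = smallest_supernet([LAN, WLAN])
    # Host addresses below are constructed for illustration.
    return {
        "lan_now": tunnelled(CURRENT, "10.10.3.20", "10.10.1.10"),
        "wlan_now": tunnelled(CURRENT, "10.10.5.20", "10.10.1.10"),
        "wlan_parallel": tunnelled(PARALLEL, "10.10.5.20", "10.10.1.10"),
        "wide_local": str(wide),
        "wlan_wide": tunnelled([(wide, REMOTE)], "10.10.5.20", "10.10.1.10"),
        # A widened local selector must not swallow the remote network.
        "wide_overlaps_remote": wide.overlaps(REMOTE),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The overlap check comes back true because 10.10.0.0/21 spans 10.10.0.0 to 10.10.7.255, which also contains the remote network 10.10.1.0/24.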
-
Between this and the last message, I changed nothing on the system, but now it doesn't work again in bridged mode. It worked for a few hours, and today I had the same DHCP problem (I don't get an IP from DHCP). After many tries and restarts I got an IP address and had access to the servers on the LAN side but no internet connection. So I did the following. I bridged LAN to WAN (OPT2) and WLAN to LAN in their config page. So I had access again to the internet and also to the VPN.
But after a restart of the notebook I don't get an IP from the DHCP server. I don't understand the world…
Separate subnets:
I thought of that, and also tried it out, but I can't make two VPNs on the same WAN IP. At least on the other side, where a ZyWALL works. So either there must be an option to access the VPN also from a separate WLAN subnet or the bridge mode works. But there are several problems. DHCP works sometimes and sometimes not, access to the internet (after DHCP works) is not sure (LAN works every time if I get an IP from DHCP) and access to the VPN also works sometimes and sometimes not. I can't figure out the reason for this behavior.
If I have the WLAN interface in bridge mode with the LAN interface there's a "Learning bridge" on both interfaces:
Bridge (bridge0): learning
Maybe I have to flush the bridge table to reinitialize?? But where is it :-)
At the moment I have a configuration which works again. While I wrote this message, nothing worked; I write here, test on the other side and now it works in bridge mode, same settings as before. I'm pretty sure it won't work again tomorrow (ehh, today :-) if I start the notebook after sleeping.
It's not typical with the prerelease snapshots. It also happens with the release 1.2.2
Maybe I have a hardware problem, incompatibility?? Don't know (ALIX 2D3)
I'll try tomorrow and we'll see if it happens as I guess. I saved this running setup now.
Sigma
-
In the meantime this thread is off topic and should be moved back to Prerelease 1.2.3 :-)
It took no more than the time since I wrote the last message.
Actual status:
WLAN to LAN: Access ok
WLAN to WAN (internet): no access
WLAN to VPN: no access
It worked with the same configuration an hour before. I only rebooted the notebook and let it "sleep" for half an hour.
I have no more ideas… and go to sleep now.
Sigma