Netgate Discussion Forum

Routing issue when ping external ip through mobile client vpn

  • mmangiante, last edited Jul 30, 2021, 2:47 PM

    Hello,

    First, sorry for the crosspost, but I haven't received any reply on the IPsec forum, so maybe someone here can help me. For my IPsec VPN I have a setup with the mobile client: I defined the subnet 192.168.106.0 to connect to pfSense, where I created an IPsec connection with a P1 and P2 that connect to my corporate network 192.168.0.0/24. My pfSense firewalls are 192.168.0.31 and 192.168.0.32 and have a VIP, 192.168.0.30. I have two Cisco 3560s with IPs 192.168.0.2 and 192.168.0.3 that are in HSRP with IP 192.168.0.1: this is my network gateway, where I have a route like this:

    ip route 0.0.0.0 0.0.0.0 192.168.0.30 99 name vs-fpscarp
    

    Another thing I've done for the VPN is split tunneling; we all have Windows 10 as the client, so I simply unchecked the option to use the predefined gateway, and to access the various networks that we had we simply use the PowerShell command (for example):

    Add-VpnConnectionRoute -Name "IM-VPN" -DestinationPrefix 192.168.0.0/24
    

    and we can access the 192.168.0.0/24 network servers.
    Now the issue: we have some Amazon virtual machines where we have set a security group with our public IP 93.150.27.178/28, so if I ping from a device inside my 192.168.0.0/24 we receive the ping reply, but if I try this from a machine that is on the VPN, so has as its address, for example, 192.168.106.x, I get no response.
    I tried to create a static route on the pfSense, but this caused a "TTL expired in transit" when I ping an Amazon VM from a 192.168.0.0/24 machine.
    I also simply tried to add the Amazon VM IP address to the local machine route table that is loaded when I connect to the VPN, with the command:

    Add-VpnConnectionRoute -Name "IM-VPN" -DestinationPrefix 34.199.70.82/32
    

    but obviously it doesn't work.
    Any suggestion is appreciated.

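A client-side check for the split-tunnel setup described in the post above, added here as an example and not code from the post or from pfSense. It assumes the connection is named "IM-VPN" as in the post, that Windows gives the VPN interface the same alias as the connection name (its default), and it uses the pfSense node and Amazon VM addresses quoted in the post as sample destinations.

```powershell
# Added diagnostic (not from the thread): show which path the Windows client
# actually takes for each destination when the VPN is split-tunnelled.
# Assumptions: connection name "IM-VPN" (from the post); VPN interface alias
# equals the connection name; destinations are the two addresses in the post.
$ConnectionName = "IM-VPN"
$Destinations   = @("192.168.0.31", "34.199.70.82")   # pfSense node, Amazon VM

# 1. Routes that Add-VpnConnectionRoute attached to the connection. They are
#    only installed in the route table while the tunnel is up.
Write-Host "Routes configured on ${ConnectionName}:"
Get-VpnConnectionRoute -ConnectionName $ConnectionName |
    Select-Object DestinationPrefix, RouteMetric |
    Format-Table -AutoSize

# 2. For each destination, ask the stack which route it would pick
#    (longest-prefix match) and whether that route leaves via the tunnel.
foreach ($dst in $Destinations) {
    # Find-NetRoute returns the chosen source address and the matching route;
    # keep only the route object (the one that has a DestinationPrefix).
    $route = Find-NetRoute -RemoteIPAddress $dst |
        Where-Object { $_.PSObject.Properties.Name -contains "DestinationPrefix" }

    # Hop list for the same destination; a routing loop (the "TTL expired in
    # transit" symptom from the post) shows up as the same hops repeating.
    $hops = (Test-NetConnection -ComputerName $dst -TraceRoute `
                -WarningAction SilentlyContinue).TraceRoute

    [pscustomobject]@{
        Destination   = $dst
        MatchedPrefix = $route.DestinationPrefix
        Interface     = $route.InterfaceAlias
        NextHop       = $route.NextHop
        ViaTunnel     = ($route.InterfaceAlias -eq $ConnectionName)
        Hops          = ($hops -join " -> ")
    }
}
```

A destination with ViaTunnel false leaves through the client's own internet connection with the client's public address, not the office address that the security group allows.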
    • viragomann @mmangiante, last edited Jul 30, 2021, 3:13 PM

      @mmangiante
      You need to add a static route for the VPN tunnel network to the Ciscos pointing to pfSense.

      • mmangiante @viragomann, last edited Sep 2, 2021, 11:31 AM

        Hello @viragomann

        Thanks for your reply. I tried it, so I created this entry in my Cisco:

        ip route 192.168.106.0 255.255.255.0 192.168.0.30
        

        but I can't ping or SSH to anything. Any other suggestions? Maybe some configuration on the pfSense side?

        --
        Regards,

        Marco
