Routing issue when ping external ip through mobile client vpn
-
Hello,
First, sorry for the crosspost, but I haven't received any reply on the IPsec forum, so maybe someone here can help me. For my IPsec VPN I have a mobile client setup: I defined the subnet 192.168.106.0 for clients connecting to pfSense, where I created an IPsec connection with a P1 and P2 that connect to my corporate network 192.168.0.0/24. My pfSense firewalls are 192.168.0.31 and 192.168.0.32 and have a VIP, 192.168.0.30. I have two Cisco 3560s with IPs 192.168.0.2 and 192.168.0.3 running HSRP with the IP 192.168.0.1; this is my network gateway, where I have a route like this:
ip route 0.0.0.0 0.0.0.0 192.168.0.30 99 name vs-fpscarp
Another thing I've done for the VPN is split tunneling; we all have Windows 10 as the client, so I simply unchecked the option to use the predefined gateway, and to access the various networks we have we simply use the PowerShell command (for example):
Add-VpnConnectionRoute -Name "IM-VPN" -DestinationPrefix 192.168.0.0/24
and we can access 192.168.0.0/24 network servers.
Now the issue: we have some Amazon virtual machines where we have set a security group allowing our public IP 93.150.27.178/28, so if I ping from a device inside my 192.168.0.0/24 we get the ping replies, but if I try this from a machine that is on the VPN, which therefore has an address such as 192.168.106.x, I get no response.
I tried to create a static route on the pfSense, but this caused a "TTL expired in transit" if I ping an Amazon VM from a 192.168.0.0/24 machine.
I also simply tried to add the Amazon VM IP address to the local machine routing table that is loaded when I connect to the VPN, with the command:
Add-VpnConnectionRoute -Name "IM-VPN" -DestinationPrefix 34.199.70.82/32
but obviously it doesn't work.
Any suggestion is appreciated. -
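The split-tunnel routing described in the post, as an added example rather than code from the original thread: a script that makes sure each prefix that must travel through the tunnel is present as a route on the Windows VPN connection, then shows which interface the OS would actually use for the Amazon host. The connection name "IM-VPN" and the two prefixes are taken from the thread; everything else is an assumption for illustration.

```powershell
# Added example, not from the original post. Assumes the VPN connection "IM-VPN"
# already exists on this Windows 10 client and that the tunnel is up when the
# final verification runs. Prefixes are the ones mentioned in the thread.
$connectionName = "IM-VPN"
$prefixes = @(
    "192.168.0.0/24",   # corporate LAN behind pfSense
    "34.199.70.82/32"   # single Amazon VM that must be reached via the corporate public IP
)

# Routes already attached to the connection (empty list if there are none yet).
$existing = Get-VpnConnectionRoute -ConnectionName $connectionName -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty DestinationPrefix

# Add only the routes that are missing, so the script is safe to re-run.
foreach ($prefix in $prefixes) {
    if ($existing -contains $prefix) {
        Write-Host "route $prefix already present on $connectionName"
    } else {
        Write-Host "adding route $prefix to $connectionName"
        Add-VpnConnectionRoute -ConnectionName $connectionName -DestinationPrefix $prefix -PassThru
    }
}

# Show the resulting split-tunnel route list for the connection.
Get-VpnConnectionRoute -ConnectionName $connectionName

# With the tunnel connected, the chosen interface for the Amazon host should be the
# VPN adapter, not the physical NIC; if it is the NIC, the packet never enters the tunnel
# and the remote-side routing (pfSense, Cisco) is not even reached.
Find-NetRoute -RemoteIPAddress "34.199.70.82" | Select-Object InterfaceAlias, NextHop
```

The last line only tells you that the client sends the packet into the tunnel; whether the reply comes back still depends on the pfSense phase 2 covering that destination and on the corporate side having a return route for 192.168.106.0/24, which is what the rest of the thread is about.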
@mmangiante
You need to add a static route for the VPN tunnel network to the Ciscos pointing to pfSense. -
Hello @viragomann
thanks for your reply. I tried it and created this entry on my Cisco:
ip route 192.168.106.0 255.255.255.0 192.168.0.30
but I can't ping or SSH to anything. Any other suggestion? Maybe some configuration on the pfSense side?
--
Regards, Marco