IPSec Mobile Client from both Outside and Inside

keyser

We are using IPsec Mobile VPN for some admins to access a management network from the outside - works like a charm.

But quite often those same people are on site (small locations) where they are only connected to the regular LAN, and due to security ALL access to management is blocked from LAN.

Is there any way to get the same IPSec Mobile VPN working regardless if you are outside or Inside?
The obvious way would be having the Mobile VPN listener also listening on LAN.

But IPsec Mobile VPN server can only listen on one IP, and you cannot create multiple IPsec mobile VPN instances in pfSense.

EDIT: IPv4 only, and we have only a few static WAN IP’s, so all internal networks are NAT’ed going to the Internet.

keyser

@keyser Updated: It actually works if your IPsec is running in tunnelmode and you make sure to resolve the vpn endpoint name to the public IP on the WAN interface, from the inside as well :-)

hackeronrent

This post is deleted!