[Solved] IPSec VPN client cannot be accessed from LAN



  • Hey guys,

    Here's what I have going:

    mobile client 192.168.2.0/24 <-> internet <-> pfsense <-> lan 192.168.1.0/24

    The mobile client can access all servers on the 192.168.1.0/24 network. Two-way communication is fine IF it is initiated by the mobile client. From the LAN, you cannot reach the mobile client. You can't ping its IP address, nor can you reach any of the services it's running.

    I set up Shrew Soft VPN as per the document on this site.
    I'm not seeing any drops in the real-time firewall log.
    My IPSec rule is to any-any.

    Any ideas on how I can set this up to make 192.168.1.0/24 able to access 192.168.2.0/24 whenever it wants?

    =======================================================
    Solution:

    I looked through other threads in this forum and found this link:

    http://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

    Quote:
    "To do this, click "Static Routes" in the webGUI. Click the + to add a static route. In the Interface box, choose LAN, for destination network, enter the remote end VPN subnet, and for the gateway put in the LAN IP address of your local pfSense."

    After doing this, my LAN can initiate connections to the IPSec VPN clients.

    Here's what the static route looks like:
    Interface   Network          Gateway       Description
    LAN         192.168.2.0/24   192.168.1.1   IPSec VPN

