Netgate Discussion Forum

IPsec Tunnel FritzBox pfSense with only WAN Interface

    Blackshie
    posted Sep 6, 2022, 8:50 PM, last edited by Blackshie Sep 6, 2022, 9:01 PM

    I am almost desperate now and maybe someone could help me.

    I am trying to connect a FritzBox with a pfSense over an IPsec VPN tunnel.

    The problem is I only have a WAN interface, and I can't add more (hosted vserver).
    All instructions on the internet refer to the case where you also have a LAN interface.

    I already tried everything and I also get a green connection on the FritzBox side.
    The pfSense also shows the connection as successful.

    But no ping goes through in either direction.
    Hopefully one of you has an idea?

    Thank you

    Below are my settings.

    FritzBox settings

    vpncfg {
    connections {
      enabled = yes;
      conn_type = conntype_lan;
      name = "VPN Cloud pfSense"; // name of the connection
      always_renew = yes; // always establish the connection
      reject_not_encrypted = no;
      dont_filter_netbios = yes;
      localip = 0.0.0.0;
      local_virtualip = 0.0.0.0;
      remoteip = XXXXXXXX; // static public IP of the pfSense firewall
      remote_virtualip = 0.0.0.0;
      localid {
        fqdn = "XXXXXXXXX"; // DynDNS name of the FritzBox
        }
      remoteid {
        ipaddr = XXXXXXXX; // static public IP of the pfSense firewall
        }
      mode = phase1_mode_idp;
      phase1ss = "dh14/aes/sha";
      keytype = connkeytype_pre_shared;
      key = "XXXXXXXX";
      cert_do_server_auth = no;
      use_nat_t = no;
      use_xauth = no;
      use_cfgmode = no;
      phase2localid {
        ipnet {
          ipaddr = 192.168.0.0;
          mask = 255.255.255.0;
          }
        }
      phase2remoteid {
        ipnet {
          ipaddr = XXXXXXX; // the internal LAN network behind the pfSense
          mask = 255.255.255.0; // including the subnet mask
          }
        }
      phase2ss = "esp-aes256-3des-sha/ah-no/comp-lzs-no/pfs"; // important, otherwise no data is exchanged
      accesslist = "permit ip any 10.10.0.0 255.255.244.0"; // firewall settings for the pfSense subnet
      }
      ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                          "udp 0.0.0.0:4500 0.0.0.0:4500";
    }
    
