Netgate Discussion Forum
IPSec Mobile client internet access

  • A
    albgen
    last edited by Oct 25, 2023, 11:40 AM

    Hello,

    I have set up an IKEv2 mobile IPsec for a Windows client and it is working fine.
    The problem is that once connected, Windows does not have internet. Reaching the LAN subnet on pfSense is working.

    Now I saw that in order to accomplish that, it needs to have a local network of 0.0.0.0/0 on P2.
    The problem is that I cannot set this value because I get the error "Phase2 with this Local Network is already defined for mobile clients."
    [image]

    I really don't understand what the issue is.

    Thanks

    • H
      hzrnbgy
      last edited by Nov 3, 2023, 1:42 AM

      Try just sending the pfSense subnet to the Windows client. So if the subnet behind pfSense is 192.168.XX.XX/24, use that instead of 0.0.0.0/0 in the Local Network Address section. This is what they call split tunneling. Giving mobile clients 0.0.0.0/0 means all their traffic is routed to the VPN, which would cause the Internet on the client to go down if the firewall rule isn't applied properly in pfSense.

      • A
        albgen @hzrnbgy
        last edited by albgen Nov 3, 2023, 8:22 AM Nov 3, 2023, 8:21 AM

        @hzrnbgy Well, I tried your suggestion but it did not work, because it is the same as setting "Local Network" = "LAN subnet" instead of "Network" as shown in the screenshot.

        • H
          hzrnbgy
          last edited by Nov 3, 2023, 10:07 AM

          Are you using the Windows built-in IPsec VPN client? If so, you should not use Tunnel Mode IPsec since that is more suited for site-to-site VPN. Your use case is more of Transport Mode IPsec.

          • A
            albgen @hzrnbgy
            last edited by Nov 3, 2023, 10:27 AM

            @hzrnbgy Yes, I'm using the built-in Windows VPN client. Still, even in transport mode it does not work. I cannot even reach the LAN network.

            • A
              albgen
              last edited by Nov 5, 2023, 9:47 AM

              @albgen said in IPSec Mobile client internet access:

              0.0.0.0/0 on P2.

              On a previous version of pfSense, entering this subnet was working.
              Why did they change it by not allowing that subnet to be entered?

              • H
                hzrnbgy
                last edited by Nov 5, 2023, 12:54 PM

                Do you mind posting your P1 and P2 configuration so we can try to work out the settings? You can remove personal info such as IPs and passwords.

                • A
                  albgen
                  last edited by Nov 5, 2023, 3:12 PM

                  Phase1
                  [image] [image] [image]
                  Phase2
                  [image] [image]
                  Mobile Client section
                  [image] [image] [image]
