VPN Mobile IPSec unable to access LAN machines
-
Hello everyone,
I am stuck with a problem for a few days.
I have 3 OVH instances in a private network (vrack) (10.0.1.0/24). One of the instances is a pfSense firewall (10.0.1.254). I did set up a VPN mobile IPSec tunnel (192.168.1.0/24), and I can connect successfully using the Windows default client. While I'm connected, I can ping and ssh into the pfSense without any problem.
I'm trying to access the other OVH instances through this tunnel but I can't figure it out :(
Firewall rule :
Traffic is being allowed by this rule :
But the machine does not receive the packet :
I tried to create routes but I'm not sure what I am doing :
(Every instance can ping each other)
Any help would be very appreciated :)
-
@user1089082098 Can u show your phase 2 settings?
What mobile setup ? EAP-TLS, EAPMSCHAPv..?
Is it a split tunnel or full tunnel?
pfSense version?
Regards!!!
-
@periko Here are my phase 2 settings :
I'm using EAP-TLS to authenticate my users.
I just upgraded to 2.7.2.
It is a full tunnel.
Thanks for your reply :)
-
@periko I did a NAT rule :
| Interface | Source | Source port | Destination | Destination port | NAT Address | NAT port | Static port |
|---|---|---|---|---|---|---|---|
| LAN | * | * | 10.0.1.0/24 | * | LAN Address | * | crossed arrow |

And now my VPN client can communicate with my LAN instances. This was probably due to the OVH firewall that is dropping the packets because of the src address not falling within the subnet.
But I still don't know how to give access to internet from those instances.
Actually the default NAT rule is :
127.0.0.0/8 ::1/128 10.0.1.0/24 192.168.1.0/24 * * * WAN address *
But I think using the WAN Address to NAT the internet traffic will produce the same error, since the address is not falling within the subnet.
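
As an added illustration (not part of the original post, and not pfSense code): a small Python model of the outbound NAT rule described in the post above, under the poster's assumption that the OVH private network drops packets whose source address is outside 10.0.1.0/24. The hosts 192.168.1.10 and 10.0.1.10 and all class and function names are constructed for the example.

```python
import ipaddress as ip
from dataclasses import dataclass

LAN_NET = ip.ip_network("10.0.1.0/24")     # vRack subnet from the post
LAN_ADDR = ip.ip_address("10.0.1.254")     # pfSense LAN address from the post
ANY = ip.ip_network("0.0.0.0/0")           # the "*" wildcard in the rule table


@dataclass(frozen=True)
class NatRule:
    interface: str
    source: ip.IPv4Network
    destination: ip.IPv4Network
    nat_address: ip.IPv4Address


# Rule from the post: LAN, source *, destination 10.0.1.0/24, NAT to LAN address.
POST_RULE = NatRule("LAN", ANY, LAN_NET, LAN_ADDR)


def translate(src, dst, out_if, rules):
    """Source address after outbound NAT; the first matching rule wins."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for r in rules:
        if r.interface == out_if and src in r.source and dst in r.destination:
            return r.nat_address
    return src  # no rule matched: the packet keeps its original source


def passes_source_filter(src, allowed=LAN_NET):
    """Assumed provider-side check: drop sources outside the private subnet."""
    return ip.ip_address(src) in allowed


def delivered(src, dst, rules):
    """True if a packet leaving pfSense on LAN would reach the instance."""
    return passes_source_filter(translate(src, dst, "LAN", rules))


if __name__ == "__main__":
    client, instance = "192.168.1.10", "10.0.1.10"  # constructed sample hosts
    for label, rules in (("no NAT rule", []), ("with NAT rule", [POST_RULE])):
        seen = translate(client, instance, "LAN", rules)
        ok = delivered(client, instance, rules)
        print(f"{label}: instance sees source {seen}, delivered={ok}")
```

Because every VPN client is translated to 10.0.1.254, the instances' own logs (sshd, for example) no longer show which client connected; per-client attribution has to come from the pfSense side.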
-
@user1089082098 If u can, send me a message and we see if we can help u.