Netgate Discussion Forum
    Mobile client connects, but that's about it

      RChadwick

      I can connect to my PFSense box using the Shrew client on my Windows 7 machine, but all I can do is connect to the pfsense router itself. Ping doesn't work on anything (Including the PFSense box), and I can't connect to any shares on any other machines. I followed the setup in the PFSense book, and added an exception to the firewall. What should I look for?

        jimp Rebel Alliance Developer Netgate

        First, make sure that your firewall rule that you added on the IPsec tab was for 'any' protocol and not just TCP.

        Next, if you are accessing items on the LAN, make sure that there are no client firewalls on the LAN systems which would block traffic from outside their subnet. Also make sure that pfSense is the default gateway for the systems on the LAN.

          RChadwick

          Thanks for the response. While trying to figure things out, I went back and changed the tab to 'any' protocol, but it didn't make a difference. Also, there are no other firewalls, other than Windows firewalls. This is a home network, with cable modem going into PFSense (recently replacing a DD-WRT Linksys router). PFSense's IP address is 192.168.8.1, which should be the default gateway for all my machines. Your third suggestion has me thinking… My IPSEC IP address is on the same subnet as the rest of my network. Is that OK? Also, is there some other configuration required for the IPSEC's IP address? I just picked one out of the range of DHCP.

            jimp Rebel Alliance Developer Netgate

            The IPsec client IP must be in a different subnet.

            Just pick any random unused range from the list of private nets

              RChadwick

              So for instance, if my network is 192.168.8.x, I should set the IPSEC's IP to, as an example, 192.168.5.123? Won't I have problems accessing things?

                jimp Rebel Alliance Developer Netgate

                You would only have problems if client firewalls on the PCs reject traffic from other subnets.

                It should work fine.

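The subnet rule from the replies above, as an added example that is not part of the original thread: it checks a proposed IPsec client address against the local subnets and picks an unused private range. The /24 mask for the 192.168.8.x LAN and both function names are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges ("the list of private nets" in the reply above).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_client_address(client_ip, local_nets):
    """Return a list of problems with a proposed IPsec client virtual IP."""
    ip = ipaddress.ip_address(client_ip)
    problems = []
    if not any(ip in net for net in PRIVATE_NETS):
        problems.append(f"{ip} is not in a private (RFC 1918) range")
    for net in local_nets:
        # strict=False accepts an interface address such as 192.168.8.1/24
        net = ipaddress.ip_network(net, strict=False)
        if ip in net:
            problems.append(f"{ip} is inside local subnet {net}")
    return problems


def first_free_subnet(parent, prefixlen, in_use):
    """Return the first subnet of `parent` that overlaps none of `in_use`."""
    used = [ipaddress.ip_network(n, strict=False) for n in in_use]
    for candidate in ipaddress.ip_network(parent).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    return None


if __name__ == "__main__":
    lan = ["192.168.8.1/24"]  # pfSense LAN address from the thread, /24 assumed
    # 192.168.8.50 is a constructed stand-in for an address taken from the
    # LAN's DHCP range; 192.168.5.123 is the address proposed in the thread.
    for proposed in ("192.168.8.50", "192.168.5.123"):
        issues = check_client_address(proposed, lan)
        print(proposed, "->", issues or "OK")
    print("unused /24:", first_free_subnet("192.168.0.0/16", 24, lan))
```
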
                  RChadwick

                  Thanks! That seemed to do the trick. My only problem left is names. With PPTP on my old DD-WRT router, I could access a share by going to \\server, but now I have to go to the IP address. Any fix for that?

                    jimp Rebel Alliance Developer Netgate

                    Not easily. Not unless you have a WINS server and you can set your IPsec client to use that for name resolution across the tunnel.

                      RChadwick

                      I bit the bullet and installed a WINS server. All is good. Thanks!

                        Micro

                        Hello,
                        I have the same problem as RChadwick.
                        I've checked that the tunnel is opened by reading the logs on both sides (pfsense and client) and the tunnel is opened correctly.
                        I'm trying to use the greenbow vpn client to connect to pfsense but even if the tunnel is up, no traffic is going through it.
                        I've read and set the parameters as described in this documentation but it still does not work:
                        http://www.thegreenbow.com/doc/tgbvpn_cg-pfsense-router-en.pdf
                        I set up the rules in the firewall to log all blocked and allowed traffic on the vpn connection in order to find the origin of the problem, but there is nothing in the firewall's logs (meaning there is no traffic coming from the tunnel?).

                        Like RChadwick, I've set up the IP of the client in a different subnet than the LAN, and during my tests I try to ping my print server (which responds to ping when I send ICMP on the LAN), so that there is no firewalling problem on the target, but I have no response from the print server and still no traffic logged in the firewall logs (ICMP is allowed from the IPSEC virtual interface in the firewall rules).

                        Does anybody have an idea on the origin of the problem?

                        Thanks a lot.

                        The biggest security issue is …. you !!!

                        HW : Watchguard Firebox x700
                        CPU : Intel Celeron 1.2GHz
                        RAM : 256MB

                          Micro

                          Does anybody have an idea about this issue?
                          I'm still unable to get my vpn working correctly.

                          Please help!!!

                            franken

                            Yep I do!

                            Had the same problem as you. I wrote a mini-howto. The problem is that Windows Firewall doesn't allow ping and SMB from anything other than the local net.

                            See http://forum.pfsense.org/index.php/topic,28504.0.html

                              Micro

                              Thanks for your help Franken but Windows firewall is disabled on my computer.
                              I'm using another firewall software and I've tested when it is disabled but that still doesn't work.
                              In the log of pfsense, no packets are dropped so ….. that's why I don't have any idea on how to solve this problem.

                              If anybody has another idea .....

                                beaven67

                                Try connecting with the PC just outside the pfsense firewall. You want to test it with nothing but a switch in between them. If the vpn passes traffic, you may have the same issue that I have. It looks like either a NAT issue or an MTU problem; I can't tell which because I get no other log output other than a Microsoft fragmentation problem.
