Netgate Discussion Forum

    IPSec endpoint at LAN

      SteffenJorgensen

      Hello,

      Is it not possible to have an IPSec endpoint at the LAN?
      In my setup I have public IPs on both WAN and LAN. In pfSense NAT is disabled ("advanced mode" and no rules).

      On the LAN side there is another firewall, and I would like to make an IPSec tunnel from outside the pfSense to the LAN firewall. The LAN firewall is allowed ALL traffic in both ways in pfSense. I have also disabled "Block private networks" on the WAN interface.

      The tunnel works fine if I place the VPN client on the LAN (when the traffic doesn't pass through pfSense), but when I place the VPN client on the outside no tunnel is created. It seems like the LAN firewall tries to answer (it says "responding to Main Mode") but the VPN client doesn't receive the packets, and starts from the beginning.

      Does anyone have any idea of what's wrong?

      Regards
      Steffen

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.