Netgate Discussion Forum

    Greenbow client connection success but no ping

    • Micro

      Hi everyone,
      I need your help because I'm trying to use the GreenBow VPN client to connect to pfSense through an IPsec tunnel.
      I'm running GreenBow under Windows 7 x64.
      The problem is the following:
      The GreenBow client succeeds in connecting to pfSense (both phase 1 and 2 are OK, and if I go into the IPsec status, I can see the tunnel established between GreenBow and pfSense).
      However, I'm unable to ping in either direction (from LAN to mobile client and from mobile client to LAN).
      All firewall rules have been checked twice (ESP protocol and UDP port 500 allowed on the WAN interface, all traffic allowed on the IPsec interface, and ICMP allowed on the LAN interface).

      There is something I don't understand, because in the GreenBow configuration I can define the virtual IP of the mobile client on the LAN, but there is no way to define the default gateway.
      As recommended in the following user's guide, I defined a virtual IP in a different subnet than the remote LAN.
      http://www.thegreenbow.com/doc/tgbvpn_cg-pfsense-router-en.pdf
      So I don't understand how the mobile client could reach any device on the remote LAN.

      I would like to know if someone has been able to successfully build a connection between this client, or another IPsec mobile client, and a pfSense gateway, and if they can help me configure my connection successfully.

      Thank you for your help.

      The biggest security issue is …. you !!!

      HW : Watchguard Firebox x700
      CPU : Intel Celeron 1.2GHz
      RAM : 256MB

      • beaven67

        You don't have to define a default gateway for the IP, just as long as you have defined the network that is behind the firewall as the remote network.
        If the client is connecting but not passing traffic, try setting the client on the public segment with a public IP, so that there are no other devices between the firewall and the client, and then connect. If the VPN passes traffic, you have a NAT or MTU issue of some kind. If you still can't ping, etc., make sure you have a rule, i.e. * <–> * any any, on the IPsec interface for VPN traffic.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.