Netgate Discussion Forum

    Ipad can not access private network with pfsense 2RC3

    IPsec
    • wangpro

      Hi,
      I installed pfSense 2 RC3 and configured IPsec for the iPad.
      The WAN address is 192.168.1.101 and the LAN address is 192.168.2.10; the IPsec client network for the iPad is 192.168.2.180/24.
      When the server started, the iPad could get an IP address (192.168.2.181), but it cannot access the LAN (192.168.2.10).
      The ipfilter rules are OK.
      Here is my racoon configuration file and some useful information:
      racoon.conf
      listen
      {
      adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
      isakmp 192.168.1.101 [500];
      isakmp_natt 192.168.1.101 [4500];
      }

      mode_cfg
      {
      auth_source system;
      group_source system;
      pool_size 253;
      network4 192.168.2.181;
      netmask4 255.255.255.0;
      split_network include 192.168.2.0/24;
      save_passwd on;
      }

      remote anonymous
      {
      ph1id 2;
      exchange_mode aggressive;
      my_identifier address 192.168.1.101;
      peers_identifier user_fqdn "u@v.com";
      ike_frag on;
      generate_policy = unique;
      initial_contact = off;
      nat_traversal = on;

      dpd_delay = 10;
      dpd_maxfail = 5;
      support_proxy on;
      proposal_check obey;
      passive on;

      proposal
      {
      authentication_method xauth_psk_server;
      encryption_algorithm des;
      hash_algorithm sha1;
      dh_group 2;
      lifetime time 86400 secs;
      }
      }

      sainfo  anonymous
      {
      remoteid 2;
      encryption_algorithm aes 128;
      authentication_algorithm hmac_sha1;

      lifetime time 28800 secs;
      compression_algorithm deflate;
      }
      When the tunnel is connected,
      SAD is
      192.168.1.100 192.168.1.101 ESP 0c0387c1 aes-cbc hmac-sha1 6268 B 
      192.168.1.101 192.168.1.100 ESP 0b80e184 aes-cbc hmac-sha1 0 B 
      SPD is
      192.168.2.181 192.168.2.0/24  ESP 192.168.1.100 -> 192.168.1.101 
      192.168.2.0/24 192.168.2.181  ESP 192.168.1.101 -> 192.168.1.100

      The IPsec interface (enc0) can receive data packets but gives no response any more.

      Could anybody help me? Thanks.

      wangpro

      • lint

        @wangpro:

        lan address is 192.168.2.10, ipsec client network for ipad is 192.168.2.180/24

        You need to use a different subnet for IPsec.  Example, 192.168.3.0/24.

        My Ipad works perfectly with 2.0.

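The overlap lint points out can be checked mechanically before a mobile-client configuration goes live. The following is an added example, not part of either post or of pfSense: it reads the `mode_cfg` block of a racoon.conf and reports every `split_network` entry that overlaps the client pool derived from `network4`/`netmask4`. The function names are hypothetical, and it assumes the `split_network` entries are the local subnets, as in the posted configuration.

```python
import ipaddress
import re

# Constructed sample: the mode_cfg block from the racoon.conf posted above.
POSTED_MODE_CFG = """
mode_cfg
{
auth_source system;
group_source system;
pool_size 253;
network4 192.168.2.181;
netmask4 255.255.255.0;
split_network include 192.168.2.0/24;
save_passwd on;
}
"""

def parse_mode_cfg(conf_text):
    """Return (pool_network, split_networks) from the mode_cfg block."""
    conf_text = re.sub(r"#.*", "", conf_text)          # drop comments
    block = re.search(r"mode_cfg\s*\{(.*?)\}", conf_text, re.S)
    if block is None:
        raise ValueError("no mode_cfg block found")
    settings = {}
    for stmt in block.group(1).split(";"):
        words = stmt.split()
        if words:
            settings[words[0]] = words[1:]
    try:
        addr, mask = settings["network4"][0], settings["netmask4"][0]
    except (KeyError, IndexError):
        raise ValueError("mode_cfg needs network4 and netmask4")
    # strict=False: network4 is the first pool address, not a network address
    pool = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    # split_network (include|local_lan) net/len[, net/len ...]
    raw = " ".join(settings.get("split_network", [])[1:])
    splits = [ipaddress.ip_network(n, strict=False)
              for n in re.split(r"[,\s]+", raw) if n]
    return pool, splits

def overlapping_networks(conf_text):
    """List split_network entries that overlap the mobile client pool."""
    pool, splits = parse_mode_cfg(conf_text)
    return [str(net) for net in splits if net.overlaps(pool)]

if __name__ == "__main__":
    for net in overlapping_networks(POSTED_MODE_CFG):
        print(f"client pool overlaps local subnet {net}: use a separate subnet")
```

Run against the posted block it flags 192.168.2.0/24; with the pool moved to a subnet such as 192.168.3.0/24 it reports nothing.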
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.