    Ipad can not access private network with pfsense 2RC3

    IPsec
    • W
      wangpro last edited by

      hi,
      I installed pfsense 2 rc3 and configured ipsec for ipad.
      The wan address is 192.168.1.101 and lan address is 192.168.2.10, ipsec client network for ipad is 192.168.2.180/24.
      When the server started, the iPad could get an IP address (192.168.2.181), but it cannot access the LAN (192.168.2.10).
      The ipfilter rules are ok.
      Here is my racoon configuration file and some useful information:
      racoon.conf
      listen
      {
          adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
          isakmp 192.168.1.101 [500];
          isakmp_natt 192.168.1.101 [4500];
      }

      mode_cfg
      {
          auth_source system;
          group_source system;
          pool_size 253;
          network4 192.168.2.181;
          netmask4 255.255.255.0;
          split_network include 192.168.2.0/24;
          save_passwd on;
      }

      remote anonymous
      {
          ph1id 2;
          exchange_mode aggressive;
          my_identifier address 192.168.1.101;
          peers_identifier user_fqdn "u@v.com";
          ike_frag on;
          generate_policy = unique;
          initial_contact = off;
          nat_traversal = on;

          dpd_delay = 10;
          dpd_maxfail = 5;
          support_proxy on;
          proposal_check obey;
          passive on;

          proposal
          {
              authentication_method xauth_psk_server;
              encryption_algorithm des;
              hash_algorithm sha1;
              dh_group 2;
              lifetime time 86400 secs;
          }
      }

      sainfo  anonymous
      {
          remoteid 2;
          encryption_algorithm aes 128;
          authentication_algorithm hmac_sha1;

          lifetime time 28800 secs;
          compression_algorithm deflate;
      }
      when tunnel is connected
      SAD is
      192.168.1.100 192.168.1.101 ESP 0c0387c1 aes-cbc hmac-sha1 6268 B 
      192.168.1.101 192.168.1.100 ESP 0b80e184 aes-cbc hmac-sha1 0 B 
      SPD is
      192.168.2.181 192.168.2.0/24  ESP 192.168.1.100 -> 192.168.1.101 
      192.168.2.0/24 192.168.2.181  ESP 192.168.1.101 -> 192.168.1.100

      The ipsec interface (enc0) can receive data packets but gives no response any more.

      could anybody help me? thanks.

      wangpro

      • L
        lint last edited by

        @wangpro:

        lan address is 192.168.2.10, ipsec client network for ipad is 192.168.2.180/24

        You need to use a different subnet for IPsec.  Example, 192.168.3.0/24.

        My Ipad works perfectly with 2.0.

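The overlap named in the reply above can be checked mechanically. This is an added example, not part of either post and not pfSense code: it reads the mode_cfg pool from the posted racoon.conf and reports which local interface subnets it collides with. The function names, the /24 prefix lengths on the interfaces, and the model of the pool as pool_size consecutive addresses starting at network4 are assumptions.

```python
import ipaddress
import re

# Constructed sample: the mode_cfg block from the post, trimmed to the pool settings.
RACOON_CONF = """
mode_cfg
{
    pool_size 253;
    network4 192.168.2.181;
    netmask4 255.255.255.0;
    split_network include 192.168.2.0/24;
}
"""

# Addresses from the post; the /24 prefix lengths are assumptions.
LOCAL_IFACES = {"wan": "192.168.1.101/24", "lan": "192.168.2.10/24"}


def parse_mode_cfg(conf):
    """Return the directives of the first mode_cfg block as {name: [args]}."""
    block = re.search(r"mode_cfg\s*\{(.*?)\}", conf, re.S)
    if block is None:
        raise ValueError("no mode_cfg block found")
    settings = {}
    for stmt in block.group(1).split(";"):
        parts = stmt.split()
        if len(parts) >= 2:
            settings[parts[0]] = parts[1:]
    return settings


def pool_conflicts(conf, local_ifaces):
    """Names of local interfaces whose subnet overlaps the client address pool."""
    cfg = parse_mode_cfg(conf)
    first = ipaddress.IPv4Address(cfg["network4"][0])
    last = first + (int(cfg["pool_size"][0]) - 1)
    # Subnet the clients believe they are on, plus every address the pool can hand out.
    client_net = ipaddress.IPv4Network(f"{first}/{cfg['netmask4'][0]}", strict=False)
    pool = [client_net, *ipaddress.summarize_address_range(first, last)]
    hits = []
    for name, cidr in local_ifaces.items():
        local_net = ipaddress.ip_interface(cidr).network
        if any(local_net.overlaps(p) for p in pool):
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    print("pool overlaps:", pool_conflicts(RACOON_CONF, LOCAL_IFACES) or "nothing")
```

With the posted settings the check reports the LAN interface; moving network4 into a separate subnet such as 192.168.3.0/24 clears it.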