Netgate Discussion Forum

    Shrew soft, IPSec Mobile issues, connects but cannot PING! Please Help!

    12 Posts 5 Posters 34.0k Views
      bdwyer

      On pfSense, ensure you have the Phase 2 Local Network Type set to LAN subnet or whatever network your server resides on.  Also, on the mobile settings list, check the Network List, I do not know why the guides on here say not to do that.

      On the Shrewsoft client, make sure you have Policy Generation set to Unique, and Obtain Topology Automatically enabled.

      Eventually, you may want to force NAT Traversal on, but wait until you have a stubborn network which you cannot VPN from before you try that.

      CCNP, MCITP

      Intel Atom N550 - 2gb DDR3
      Jetway NC9C-550-LF
      Antec ISK 300-150
      HP ProCurve 1810-24
      Cisco 1841 & 2821, Cisco 3550 x3

      1 Reply Last reply Reply Quote 0
        cakewipe

        Hi,
        Thanks for the help and sorry for the long delay but I've been working on other projects.
        Vorkbaard sent me this reply via IM.
        @Vorkbaard:

        Hi, I read your post and I had more or less the same problem. I'm sending you a dm so as not to spam the forum as I have already posted a general topic advertising the article I wrote on how I solved this.

        If you're interested, here is my solution: https://sites.google.com/a/vorkbaard.nl/dekapitein/tech-1/how-to-set-up-ipsec-tunneling-in-pfsense-2-0-release-for-road-warriors

        Hope it helps!

        I followed his instructions and now I am able to see my pfSense server admin console and ping it fine over the vpn but I still can't ping the file server or access the URL of the server.

        In the instructions he doesn't go into the firewall or the NAT settings very much and I'm wondering if this is my problem.
        I went in and opened all ports for IPsec and WAN and LAN but I still can't see the fileserver.

        I've made a simple drawing of my setup and I'm hoping someone can help me figure out why I can't see my fileserver.

        None of the other replies helped at all and if I can't figure pfsense out then I may need to go to another type of router.  :'(
        My setup is really very simple but I can't seem to figure out what I am missing. I am sure it's something simple.

        Thanks in advance.

        1 Reply Last reply Reply Quote 0
          cakewipe

          Can nobody help? 
          I can access the internet from the server through the pfsense router and can connect to the router through vpn; I just can't access the server.

          1 Reply Last reply Reply Quote 0
            cakewipe

            After a TON of reading and trial and error I finally found a setting that allowed me to ping my fileserver.  I've noticed a ton of people have similar issues and nobody seems to help them so I'm hoping this will help someone.

            In the forum I stumbled across this post http://forum.pfsense.org/index.php/topic,49289.0.html His network seems much different from mine but I decided to follow the instructions laid out here: http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F
            I had to set up a Static Route

            and I also had to add the LAN IP address as my LAN Gateway

            I can now ping just fine but I don't understand why this static route was necessary.  Mine is a simple client connecting to a server through IPSec VPN.  This seems like one of the most basic VPN configurations and something like this wouldn't be necessary.
            Since I've set up this static route my connection has become VERY unstable.
            Is there a better solution someone can think of?

            1 Reply Last reply Reply Quote 0
              cakewipe

              Finally after much trial and error, I decided to pay the $600 for support to figure out why I couldn't access my server without a static route.  It turns out my default gateway on my server got reset to 0.0.0.0.  I know this is a stupid error but I did set it up before. It took many hours to figure out and I hope this can help someone else.  I could see the server through a Cisco VPN with the same settings so I didn't think it could be a setting on the server itself.

              With their help, I was able to configure my vpn to be accessible through Shrewsoft (Windows), iOS and Android devices.  I am trying to document the settings I used but in the meantime if anyone needs help with the same thing ping me and I can send you the settings I have.

              Thanks to chris and jim for your help.

              1 Reply Last reply Reply Quote 0
                jimp Rebel Alliance Developer Netgate

                As an additional note, the reason it was working with the static route wasn't because of the static route, but because you had the LAN "gateway" set on the LAN interface page, which caused it to apply outbound NAT to the traffic leaving the LAN interface. Due to the outbound NAT, the traffic leaving that interface appeared to come from the firewall itself, so it returned OK since your server believed it originated from within its own subnet.

                Kind of a tricky one, surely.


                1 Reply Last reply Reply Quote 0
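The root cause cakewipe reports and the NAT side effect jimp describes, modelled as an added example (not code from the thread or from pfSense): it decides whether the file server can route an echo reply, depending on its default gateway and on whether outbound NAT is applied on the LAN interface. All addresses are constructed, and the server's correct gateway is assumed to be the pfSense LAN IP.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the thread).
SERVER_IF = "192.168.1.10/24"   # file server on the LAN
FW_LAN_IP = "192.168.1.1"       # pfSense LAN address
VPN_CLIENT = "10.10.10.5"       # virtual IP handed to the mobile client


def reply_next_hop(server_if, default_gw, dst):
    """Where the server sends a reply to dst: 'on-link', a gateway, or None."""
    iface = ipaddress.ip_interface(server_if)
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"                      # same subnet: ARP and deliver
    gw = ipaddress.ip_address(default_gw)
    if gw.is_unspecified or gw not in iface.network:
        return None                           # no usable default route
    return str(gw)


def source_seen_by_server(outbound_nat_on_lan):
    """Source address of the echo request as it arrives at the server."""
    return FW_LAN_IP if outbound_nat_on_lan else VPN_CLIENT


def ping_succeeds(default_gw, outbound_nat_on_lan):
    """True if the server can route its echo reply back toward the client."""
    src = source_seen_by_server(outbound_nat_on_lan)
    return reply_next_hop(SERVER_IF, default_gw, src) is not None


def diagnose():
    """Result for each combination of server gateway and LAN outbound NAT."""
    cases = {}
    for gw in ("0.0.0.0", FW_LAN_IP):
        for nat in (False, True):
            cases[(gw, nat)] = ping_succeeds(gw, nat)
    return cases


if __name__ == "__main__":
    for (gw, nat), ok in diagnose().items():
        print(f"server gw={gw:<12} LAN outbound NAT={nat!s:<5} ping ok={ok}")
```

Only the combination of gateway 0.0.0.0 and no NAT fails, which is why the LAN "gateway" setting masked the problem instead of fixing it.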
                  sslinfotech

                  @cakewipe:

                  Finally after much trial and error, I decided to pay the $600 for support to figure out why I couldn't access my server without a static route.  It turns out my default gateway on my server got reset to 0.0.0.0.  I know this is a stupid error but I did set it up before. It took many hours to figure out and I hope this can help someone else.  I could see the server through a Cisco VPN with the same settings so I didn't think it could be a setting on the server itself.

                  With their help, I was able to configure my vpn to be accessible through Shrewsoft (Windows), iOS and Android devices.  I am trying to document the settings I used but in the meantime if anyone needs help with the same thing ping me and I can send you the settings I have.

                  Thanks to chris and jim for your help.

                  Can you send me the configuration details…pls...ssl3004@yahoo.com

                  thanks

                  1 Reply Last reply Reply Quote 0
                    cakewipe

                    Can you send me the configuration details…pls...ssl3004@yahoo.com

                    thanks

                    Sent to ssl3004@yahoo.com

                    1 Reply Last reply Reply Quote 0
                      cakewipe

                      I have added my documentation to google docs so anyone can see it.

                      Here is the link for pfSense Router settings
                      https://docs.google.com/file/d/0B2zOOBoh3isOSmtYakVEc3ZNWDA/edit?usp=sharing

                      Here is the link for Shrewsoft, Android, iOS Clients.
                      https://docs.google.com/document/d/1Pl21sk7ckU6dSqgxtXu6iNIv8-60bv7AFFVUQwdJ_WE/edit?usp=sharing

                      Please leave comments if this is helpful so I will know not to remove the documents from my share.

                      1 Reply Last reply Reply Quote 0
                        les_garten

                        @cakewipe:

                        I have added my documentation to google docs so anyone can see it.

                        Here is the link for pfSense Router settings
                        https://docs.google.com/file/d/0B2zOOBoh3isOSmtYakVEc3ZNWDA/edit?usp=sharing

                        Here is the link for Shrewsoft, Android, iOS Clients.
                        https://docs.google.com/document/d/1Pl21sk7ckU6dSqgxtXu6iNIv8-60bv7AFFVUQwdJ_WE/edit?usp=sharing

                        Please leave comments if this is helpful so I will know not to remove the documents from my share.

                        Hello Cakewipe,
                        Thanks for your work here.  I am having a similar problem to the one you had.  When the client connects, there is no route handed to the client according to ipconfig on the Windows box.

                        I see no route to that network on the pfsense box.

                        So looking over your doc above it looks like you are still using the static route, is that true?

                        Did you have to use PSK-Xauth?  It wouldn't work with just PSK?

                        I looked over your doc

                        1 Reply Last reply Reply Quote 0
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.