IPsec Clients Unable Access Windows Shared Folder

  • Hello! I have some clients (part of a Windows domain), they sign in to their laptops, run Shrew VPN client, connect to our PFsense, and from there they can ping anything, and even connect to the Exchange Server.

    But when they try to go to their home drive, U: in this case, which resides on a Storage server (running Windows Server), they get denied access.

    Funny thing is, from my home laptop, not joined to the domain, if I try to connect to my home folder via UNC path, at least I get asked for my user and password, instead of been immediately denied access.

    Do you guys know what I can do to allow this transparently? Do you think the users get turned into a different one when coming in through the IPsec VPN?

    We used to have OpenVPN implemented (not through PFsense) and everything was working fine. I'm not that familiar with IPsec, so thanks for your help!


  • Rebel Alliance Developer Netgate

    That's generally up to the server itself, your firewall rules on the IPsec tab, and how your client access the server.

    If the server allows the connection from the VPN subnet, it should work, provided the traffic passes in your IPsec firewall rules, and the clients are accessing it by \x.x.x.x where x.x.x.x is the IP of the server.

    Browsing/accessing by name probably isn't going to work in most cases. If it works by IP and not by name, check the client's DNS settings and such in Shrew.

    OpenVPN works much better, especially for road warrior/mobile clients.

Log in to reply