IPSec Mobile traffic passthrough

  • IPSec VPN is configured nicely, I can connect to it from my iPhone, and I can access IPs on the LAN and I can browse the internet just fine.

    However, despite any of my rules, NAT configuration, hair pulling or crying, I can NOT get my mobile traffic to pass through the tunnel.  Getting my IP while connected to the VPN shows my phone's public IP, not my home IP.

    Any ideas? Am I just blind, or is this above my head? It shouldn't be.

    I can post anything you need, screenshots, logs, whatever.  I could really use some help here.

  • Rebel Alliance Developer Netgate

    Do you have "Provide a list of accessible networks to clients" checked on the IPsec mobile tab? If so, try unchecking it.

  • I did have it checked but now that I've unchecked it and provided a DNS server list, the racoon daemon crashes if I try to log into the VPN.

    Any ideas?

  • Rebel Alliance Developer Netgate

    That's probably a quirk in racoon where it won't let you send four DNS servers, only three. If you send four, we've found that it causes a crash.

  • Dude, seriously, I love you. It works perfectly now.

    One more question though, what is changed by unchecking "Provide a list of accessible networks to clients"? Curiosity has the better of me.

  • Rebel Alliance Developer Netgate

    When checked, the server takes the list of networks on the mobile Phase 2 and sends them to the client as a "net list" or "split network" list, so that only the networks provided will be sent across the tunnel and others go to the Internet directly, rather than tunneling everything.

    It's up to the client to obey that setting. Some don't support it at all and always require a manual list, others respect it, others ignore it on purpose and send everything no matter what you do.
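The behaviour described in this thread, modelled as an added example (not pfSense or racoon code): which destinations a mobile client sends through the tunnel with the net list on versus off, whether the client honours the list, and the three-DNS-server limit that triggered the racoon crash. Network and DNS addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Limit quoted in the thread: racoon crashes when a fourth DNS server is pushed.
MAX_RACOON_DNS = 3


@dataclass
class MobileConfig:
    phase2_networks: list   # networks on the mobile Phase 2 (the LAN behind pfSense)
    dns_servers: list       # DNS servers pushed to the client
    provide_net_list: bool  # "Provide a list of accessible networks to clients"


def check_dns(cfg):
    """Return warnings about the pushed DNS list (empty list means OK)."""
    warnings = []
    if len(cfg.dns_servers) > MAX_RACOON_DNS:
        warnings.append(f"{len(cfg.dns_servers)} DNS servers pushed; racoon crashes "
                        f"with more than {MAX_RACOON_DNS}")
    return warnings


def pushed_routes(cfg, client_honors_list=True):
    """Networks the client routes through the tunnel.

    With the net list enabled and a client that obeys it, only the Phase 2
    networks are tunnelled; otherwise everything (0.0.0.0/0) goes through."""
    if cfg.provide_net_list and client_honors_list:
        return [ipaddress.ip_network(n) for n in cfg.phase2_networks]
    return [ipaddress.ip_network("0.0.0.0/0")]


def goes_through_tunnel(cfg, destination, client_honors_list=True):
    """True if traffic to destination is sent across the IPsec tunnel."""
    dst = ipaddress.ip_address(destination)
    return any(dst in net for net in pushed_routes(cfg, client_honors_list))


# Constructed sample configs: LAN 192.168.1.0/24, documentation-range DNS servers.
SPLIT = MobileConfig(["192.168.1.0/24"], ["192.168.1.1"], provide_net_list=True)
FULL = MobileConfig(["192.168.1.0/24"], ["192.168.1.1"], provide_net_list=False)
TOO_MANY_DNS = MobileConfig(["192.168.1.0/24"],
                            ["192.168.1.1", "198.51.100.1", "198.51.100.2", "198.51.100.3"],
                            provide_net_list=False)

if __name__ == "__main__":
    # An Internet "what is my IP" host (203.0.113.5) bypasses the tunnel under SPLIT,
    # which is why the original poster saw the phone's public IP.
    print("split, internet host via tunnel:", goes_through_tunnel(SPLIT, "203.0.113.5"))
    print("full, internet host via tunnel:", goes_through_tunnel(FULL, "203.0.113.5"))
    print(check_dns(TOO_MANY_DNS))
```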
