Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Cannot ping or access my IPSEC VPN clients from local LAN

    IPsec
    1
    1
    970
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      ocz last edited by

      I did read the whole week and tried several things but without success. I also found this link:

      https://forum.pfsense.org/index.php?topic=18406.msg94704#msg94704

      But it doesn't help either.

      My Problem:

      Our Mobile IPSEC Clients are connected this way:

      Mobile IPSEC client 192.168.56.0/24 <-> internet <-> pfsense with multiple WAN configuration <-> LAN 192.168.50.0/24

      We use the "GW Group FAILOVER" representing our multiple WAN configuration (which includes two Internet uplinks) in our IPSEC Phase 1 configuration.

      If a mobile IPSEC Client using ShrewSoft VPN Client connects he can access all LAN adresses (except 192.168.50.1 but that's not the important thing). We are very fine with that.

      But vice versa - if a LAN Client tries to ping or access an IP within the IPSEC Client IP-range (for example for remote Support purposes) there is no reply. It only works from the pfsense-box itself by using:

      $# ping -S 192.168.50.254 192.168.56.1
      PING 192.168.56.1 (192.168.56.1) from 192.168.50.254: 56 data bytes
      64 bytes from 192.168.56.1: icmp_seq=0 ttl=128 time=87.757 ms
      64 bytes from 192.168.56.1: icmp_seq=1 ttl=128 time=73.312 ms
      64 bytes from 192.168.56.1: icmp_seq=2 ttl=128 time=90.853 MS

      I played a lot with automatic/manual Outbound NAT and rules, Firewall rules , static Routing , IPSEC Server and Client Settings and so on. But I have no idea where to look next …

      Any help is appreciated.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy