  • I have been reading the whole week and tried several things, but without success. I also found this link:

    But it doesn't help either.

    My Problem:

    Our Mobile IPSEC Clients are connected this way:

    Mobile IPSEC client <-> internet <-> pfsense with multiple WAN configuration <-> LAN

    We use the "GW Group FAILOVER" representing our multiple WAN configuration (which includes two Internet uplinks) in our IPSEC Phase 1 configuration.

    If a mobile IPSEC client using the ShrewSoft VPN Client connects, he can access all LAN addresses (except but that's not the important thing). We are very fine with that.

    But vice versa: if a LAN client tries to ping or access an IP within the IPSEC client IP range (for example for remote support purposes), there is no reply. It only works from the pfSense box itself by using:

    $# ping -S
    PING ( from 56 data bytes
    64 bytes from icmp_seq=0 ttl=128 time=87.757 ms
    64 bytes from icmp_seq=1 ttl=128 time=73.312 ms
    64 bytes from icmp_seq=2 ttl=128 time=90.853 ms

    I played a lot with automatic/manual outbound NAT and rules, firewall rules, static routing, IPSEC server and client settings, and so on. But I have no idea where to look next …

    Any help is appreciated.
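Added example, not part of the forum post above and not pfSense code: a minimal first-match simulation of how pfSense evaluates the rules on the LAN interface for a packet entering from the LAN. It assumes (the post does not say) that the LAN has a single allow-all rule whose Gateway field is set to the failover gateway group. Under that assumption the simulation shows why LAN-to-mobile-client traffic never reaches the IPsec tunnel: a pass rule with a gateway set policy-routes every destination it matches to that gateway group, so the routing table (and with it the IPsec SPD) is never consulted. A gateway-less pass rule for the mobile pool placed above the policy-routing rule restores the expected behaviour. Locally generated traffic such as the poster's `ping -S` from the firewall itself is not subject to interface rules, which is consistent with it working. Whether this is the actual cause on the poster's box is not established; the addresses, the rule set and the gateway group name `GW_FAILOVER` are constructed.

```python
"""
Constructed first-match simulation of pfSense LAN-interface rule evaluation
with policy routing. Not pfSense code; the rule set and addresses below are
assumptions chosen to illustrate one common cause of LAN -> mobile-IPsec
traffic going out the WAN instead of into the tunnel.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    src: str                       # source network, CIDR
    dst: str                       # destination network, CIDR
    gateway: Optional[str] = None  # None = leave routing to the system table
    note: str = ""


# Implicit default deny at the end of every pfSense interface rule set.
DEFAULT_DENY = Rule("block", "0.0.0.0/0", "0.0.0.0/0", note="implicit default deny")


def first_match(rules: List[Rule], src: str, dst: str) -> Rule:
    """pf-style 'quick' evaluation: the first rule matching src and dst wins."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if s in ip_network(r.src) and d in ip_network(r.dst):
            return r
    return DEFAULT_DENY


def next_hop(rules: List[Rule], src: str, dst: str) -> str:
    """
    Returns where the packet is handed off:
      'blocked'        - no pass rule matched
      'routing-table'  - pass rule without gateway; kernel routing (and the
                         IPsec SPD) decides, so a VPN destination enters the tunnel
      <gateway name>   - pass rule with a gateway: policy-routed there regardless
                         of the routing table, so the SPD is never consulted
    """
    r = first_match(rules, src, dst)
    if r.action != "pass":
        return "blocked"
    return r.gateway or "routing-table"


# Constructed networks (RFC 1918 / RFC 5737 documentation ranges).
LAN = "192.168.1.0/24"          # assumed LAN subnet
MOBILE_POOL = "10.99.0.0/24"    # assumed mobile IPsec virtual address pool
ANY = "0.0.0.0/0"

# Assumed "broken" LAN rule set: one allow-all rule with the failover gateway
# group selected. Every destination, including the mobile pool, is policy-routed.
broken_lan_rules = [
    Rule("pass", LAN, ANY, gateway="GW_FAILOVER", note="LAN net -> any via failover group"),
]

# Corrected rule set: a gateway-less pass rule for the mobile pool sits above
# the policy-routing rule, so VPN-bound traffic falls back to the routing table.
fixed_lan_rules = [
    Rule("pass", LAN, MOBILE_POOL, gateway=None, note="LAN net -> mobile IPsec pool, no gateway"),
    Rule("pass", LAN, ANY, gateway="GW_FAILOVER", note="LAN net -> any via failover group"),
]


def demo() -> dict:
    """Evaluate a LAN host talking to a mobile client and to an Internet host."""
    lan_host, mobile_client, internet_host = "192.168.1.20", "10.99.0.5", "203.0.113.9"
    return {
        "broken: LAN -> mobile": next_hop(broken_lan_rules, lan_host, mobile_client),
        "fixed:  LAN -> mobile": next_hop(fixed_lan_rules, lan_host, mobile_client),
        "fixed:  LAN -> internet": next_hop(fixed_lan_rules, lan_host, internet_host),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Rule order is what matters: pf rules on pfSense interfaces are evaluated top-down first-match, and the bypass rule for the VPN pool has no effect if it sits below the policy-routing rule. The same applies to any other subnet reached through a tunnel or a static route when LAN rules carry a gateway or gateway group.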

