Netgate Discussion Forum

    Cannot ping or access my IPSEC VPN clients from local LAN

      ocz

      I did read the whole week and tried several things but without success. I also found this link:

      https://forum.pfsense.org/index.php?topic=18406.msg94704#msg94704

      But it doesn't help either.

      My Problem:

      Our Mobile IPSEC Clients are connected this way:

      Mobile IPSEC client 192.168.56.0/24 <-> internet <-> pfsense with multiple WAN configuration <-> LAN 192.168.50.0/24

      We use the "GW Group FAILOVER" representing our multiple WAN configuration (which includes two Internet uplinks) in our IPSEC Phase 1 configuration.

      If a mobile IPSEC Client using ShrewSoft VPN Client connects, he can access all LAN addresses (except 192.168.50.1, but that's not the important thing). We are very fine with that.

      But vice versa - if a LAN Client tries to ping or access an IP within the IPSEC Client IP-range (for example for remote Support purposes) there is no reply. It only works from the pfsense-box itself by using:

      $# ping -S 192.168.50.254 192.168.56.1
      PING 192.168.56.1 (192.168.56.1) from 192.168.50.254: 56 data bytes
      64 bytes from 192.168.56.1: icmp_seq=0 ttl=128 time=87.757 ms
      64 bytes from 192.168.56.1: icmp_seq=1 ttl=128 time=73.312 ms
      64 bytes from 192.168.56.1: icmp_seq=2 ttl=128 time=90.853 ms

      I played a lot with automatic/manual Outbound NAT and rules, Firewall rules, static Routing, IPSEC Server and Client Settings and so on. But I have no idea where to look next …

      Any help is appreciated.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.