Cannot ping or access my IPSEC VPN clients from local LAN



  • I did read the whole week and tried several things but without success. I also found this link:

    https://forum.pfsense.org/index.php?topic=18406.msg94704#msg94704

    But it doesn't help either.

    My Problem:

    Our Mobile IPSEC Clients are connected this way:

    Mobile IPSEC client 192.168.56.0/24 <-> internet <-> pfsense with multiple WAN configuration <-> LAN 192.168.50.0/24

    We use the "GW Group FAILOVER" representing our multiple WAN configuration (which includes two Internet uplinks) in our IPSEC Phase 1 configuration.

    If a mobile IPSEC Client using ShrewSoft VPN Client connects he can access all LAN addresses (except 192.168.50.1 but that's not the important thing). We are very fine with that.

    But vice versa - if a LAN Client tries to ping or access an IP within the IPSEC Client IP-range (for example for remote Support purposes) there is no reply. It only works from the pfsense-box itself by using:

    $# ping -S 192.168.50.254 192.168.56.1
    PING 192.168.56.1 (192.168.56.1) from 192.168.50.254: 56 data bytes
    64 bytes from 192.168.56.1: icmp_seq=0 ttl=128 time=87.757 ms
    64 bytes from 192.168.56.1: icmp_seq=1 ttl=128 time=73.312 ms
    64 bytes from 192.168.56.1: icmp_seq=2 ttl=128 time=90.853 ms

    I played a lot with automatic/manual Outbound NAT and rules, Firewall rules, static Routing, IPSEC Server and Client Settings and so on. But I have no idea where to look next …

    Any help is appreciated.