Internet Access Via IPsec Site-to-Site Tunnel Issue - local interface unreachable
Hoping someone can help.
I'm following the instructions here:
https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel
Environment is pfSense 2.2.2 to pfSense 2.2.2 on pfSense hardware. No issues creating LAN to LAN type IPsec VPNs between the sites.
As soon as I enable a phase 2 entry on the "remote office" site that includes the 0.0.0.0/0 net as the remote network and the tunnel comes up, I can access the internet from the remote office (as in I can pass traffic). The issue is the LAN interface on the remote office end goes dark. Local clients can no longer resolve DNS from the resolver there, you can't access the web configuration, and SSH sessions to the firewall interface go down.
On the "headquarters" side you see firewall log entries from what is the local LAN on the remote office, for example client -> firewall interface DNS, etc.
Is this normal? It is a bit problematic because we can't use the DNS resolvers etc.
Any help would be appreciated, Thank You!
-Paul
Followup in case someone ever has similar problems... Two things:
1. I was unclear about the interface. I said "LAN" but it was a WLAN interface and I think this had something to do with generating the behaviors I was seeing.
2. I "fixed" it by setting the DHCP range on that interface to a range that looked like x.x.x.129-254 and setting the network in the IPsec SAs to x.x.x.128/25, thus pulling the .1 interface (firewall) out of the networks on the tunnel. This worked. Clients in the DHCP range go over the tunnel for internet access and the firewall interface still works as expected. Hack, but it works for now and I'm not going to need more DHCP space there for a while (famous last words...)
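To make the /25 workaround from the followup concrete, here is an added example (not code from the thread or from pfSense) that models phase 2 traffic-selector matching for the flows the firewall itself emits. The subnet, client and internet addresses are constructed; only packets the firewall forwards or originates pass its outbound SPD, so the flow that decides whether the interface stays reachable is the firewall's own reply to a client.

```python
"""Model of IPsec phase 2 traffic-selector matching (added example).

Constructed addresses, not from the thread: remote-office subnet
192.168.50.0/24, firewall interface 192.168.50.1, DHCP clients
192.168.50.129-254, and 0.0.0.0/0 as the remote phase 2 network.
"""
from ipaddress import ip_address, ip_network

def outbound_path(local_net, remote_net, src, dst):
    """Return 'tunnel' if the (src, dst) flow falls inside the phase 2
    selectors local_net -> remote_net, otherwise 'clear' (plain routing)."""
    s, d = ip_address(src), ip_address(dst)
    if s in ip_network(local_net) and d in ip_network(remote_net):
        return "tunnel"
    return "clear"

FIREWALL = "192.168.50.1"     # the .1 interface address the poster pulled out
CLIENT = "192.168.50.130"     # inside the DHCP range .129-.254
INTERNET = "198.51.100.10"    # documentation range, stands in for any website

def compare_selectors(client=CLIENT, firewall=FIREWALL, internet=INTERNET):
    """Classify the two flows that matter under the original /24 local
    network and under the /25 workaround. Returns {selector: {flow: path}}."""
    flows = {
        "client -> internet": (client, internet),
        # DNS answer, web GUI or SSH reply originated by the firewall itself
        "firewall reply -> client": (firewall, client),
    }
    result = {}
    for selector in ("192.168.50.0/24", "192.168.50.128/25"):
        result[selector] = {name: outbound_path(selector, "0.0.0.0/0", s, d)
                            for name, (s, d) in flows.items()}
    return result

if __name__ == "__main__":
    for selector, paths in compare_selectors().items():
        print(selector)
        for name, path in paths.items():
            print(f"  {name:26s} {path}")
```

With the /24 selector the firewall's replies to its own clients match `local -> 0.0.0.0/0` and are steered into the tunnel; with the /25 selector the .1 source address is outside the local network, so those replies are routed normally while client internet traffic still goes over the tunnel.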