IPSEC VPN with MAC ACL in a Switch



  • Hello,

    I successfully set up an IPSEC VPN road warrior using pfsense and it works great. Recently I decided to enable a MAC access control list on my switch, but this results in a problem. With the MAC ACL on, while using the VPN I can only access the pfsense router; with it off I can access the network.

    How can I use my switch's MAC ACL without cutting off my remote connection to the network?

    -Thanks



  • To add a little more detail:

    The LAN is on the 192.168.11.0 network.
    Pfsense is set to give out IP addresses on the 192.168.12.0 network to road warriors.

    This works great, but for more security I enabled a media access control access control list on a netgear gs724tp switch. I added all the MAC addresses listed under my computer when using the ipconfig /all command (and the other hosts in the LAN). Unfortunately my computer is still blocked, only when using the VPN, but I can still access the router. With the MAC ACL off the VPN performs properly.

    Does an IPSEC VPN use the NIC's MAC of the computer using the VPN, the router's MAC address, or does it create a random MAC address?



  • The MAC of your machine is only locally-significant. Your traffic from the VPN, when it gets to your LAN, is sourced from the LAN NIC MAC of the firewall. Allow its MAC (see Status>Interfaces).
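A small model of what the answer above describes, added here as an illustration and not code from the thread or from pfSense: the firewall decapsulates the tunnel and routes the inner packet onto the LAN, so the frame the switch sees carries the firewall's LAN NIC MAC, not the road warrior's. All MAC and IP values are constructed for the example.

```python
from dataclasses import dataclass

# Constructed addresses (not real devices). The LAN is 192.168.11.0/24 and
# road warriors get 192.168.12.0/24, as in the thread.
FIREWALL_LAN_MAC = "00:11:22:33:44:55"   # assumed pfSense LAN NIC MAC (Status > Interfaces)
ROAD_WARRIOR_MAC = "aa:bb:cc:dd:ee:01"   # assumed remote laptop NIC MAC
LAN_HOST_MAC = "66:77:88:99:aa:bb"       # assumed LAN PC behind the switch


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


def firewall_forward_to_lan(inner: Frame, lan_mac: str, next_hop_mac: str) -> Frame:
    """Model pfSense routing a decapsulated IPsec packet onto the LAN.

    Layer 3 (the IP header) is carried through; layer 2 is rebuilt for the
    LAN segment, so the source MAC becomes the firewall's own LAN NIC MAC.
    The road warrior's MAC only ever existed on its local segment.
    """
    return Frame(src_mac=lan_mac, dst_mac=next_hop_mac,
                 src_ip=inner.src_ip, dst_ip=inner.dst_ip)


def switch_mac_acl_permits(frame: Frame, allowed: set[str]) -> bool:
    """A simple permit-list MAC ACL: forward only if the source MAC is allowed."""
    return frame.src_mac.lower() in {m.lower() for m in allowed}


def vpn_client_reaches_lan_host(allowed: set[str]) -> bool:
    """Does a road warrior packet to a LAN host pass the switch's MAC ACL?"""
    # The packet as the client originally built it (before tunnelling).
    inner = Frame(src_mac=ROAD_WARRIOR_MAC, dst_mac="00:00:00:00:00:00",
                  src_ip="192.168.12.10", dst_ip="192.168.11.20")
    on_lan = firewall_forward_to_lan(inner, FIREWALL_LAN_MAC, LAN_HOST_MAC)
    return switch_mac_acl_permits(on_lan, allowed)


if __name__ == "__main__":
    host_macs_only = {ROAD_WARRIOR_MAC, LAN_HOST_MAC}
    print("ACL with host MACs only :", vpn_client_reaches_lan_host(host_macs_only))
    print("ACL plus firewall LAN MAC:",
          vpn_client_reaches_lan_host(host_macs_only | {FIREWALL_LAN_MAC}))
```

Traffic that terminates on pfSense itself never crosses the switch as a routed LAN frame, which is why the firewall stays reachable while the rest of the LAN does not.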