IPSec Mobile Client Windows IKE2 routing issue
I hope someone can help me.
I am able to connect to my IPSec VPN client configured on pfSense without a problem using RADIUS since 2.2.4 was released, but I am unable to get to any hosts on the internal LAN. The pfSense config is detailed below, but I should also point out that my network is set up with "back to back" firewalls. (Note I renamed the WAN interface in pfSense to DMZ).
It looks like this:
External --> TMG FW --> DMZ (192.168.99.0/24) --> pfSense --> LAN (192.168.1.0/24)
I have rules on TMG which proxy pfSense ports 500 and 4500. I am using a wildcard SSL certificate which I have imported into pfSense (along with the intermediate/signing certs) if that has any bearing on this.
I have created an allow all rule in pfSense on the IPSec tab for all protocols/source/destinations.
Is there anything obviously wrong about this which would prevent access to the LAN machines over VPN? Can I enable more logging to see what is happening?
Thanks in advance for any advice
Peter

I've configured IPSEC Mobile Client as follows:
User Authentication: RADIUS
Group Authentication: None
Virtual Address Pool: Yes
Network: 192.168.115.0/24
Network List: Yes
Save XAuth: No
DNS Default domain: Yes
xxxxx.local
Split DNS: No
DNS Servers: Yes
192.168.1.12
192.168.1.28
WINS Servers: Yes
192.168.1.12
Phase 2 PFS Group: Off
Then phase 1 as follows:
Key Exchange: v2
Internet protocol: ipv4
Interface: DMZ
Auth method: EAP-RADIUS
My identifier: Distinguished name / vpn.xxxxxxxxxx
Peer identifier: Any
My Certificate: *.xxxxxxxxxx
My CA: AddTrustExternalCARoot
Enc algorithm: AES / 256
Hash algorithm: SHA256
DH key group: 2 (1024)
Lifetime: 28800
Disable rekey: No
Disable reauth: No
Responder only: No
MOBIKE: Yes
Dead peer detection: Yes
10 seconds
5 retries
And finally phase 2 as follows:
Mode: Tunnel IPv4
Local Network: LAN subnet
Protocol: ESP
Enc algorithm: AES / auto
Hash algorithm: SHA1
PFS key group: Off
Lifetime: 3600
Auto ping host:
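The following is an added example, not code from the post or from pfSense. It models the IKEv2 traffic selectors implied by the settings above (Phase 2 local network = LAN subnet 192.168.1.0/24, virtual address pool 192.168.115.0/24, DMZ 192.168.99.0/24) and answers two questions a practitioner checks first when a mobile client connects but cannot reach internal hosts: is the destination inside a negotiated traffic selector at all (traffic outside it never enters the tunnel, whatever the IPsec firewall rule says), and does the virtual pool overlap any network the client already has a route to. The client address 192.168.115.5 and the DMZ destination 192.168.99.10 are constructed sample values.

```python
# Added example: traffic-selector and address-pool sanity checks for an
# IKEv2 mobile-client setup. Network values are taken from the post;
# client/destination addresses used in __main__ are constructed samples.
import ipaddress

# Values from the post
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.99.0/24")
VIRTUAL_POOL = ipaddress.ip_network("192.168.115.0/24")
# "Local Network: LAN subnet" is the responder-side traffic selector (TSr)
PHASE2_LOCAL = [LAN]


def pool_conflicts(pool, networks):
    """Return every network that overlaps the virtual address pool.

    An overlap gives the client two routes for the same prefix, so some
    traffic may bypass the tunnel or be dropped as a spoofed source.
    """
    return [n for n in networks if pool.overlaps(n)]


def covered_by_phase2(dst, phase2_local):
    """True if dst lies inside one of the negotiated TSr prefixes."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in phase2_local)


def client_source_ok(src, pool):
    """True if the client's inner (virtual) address was handed out from the pool."""
    return ipaddress.ip_address(src) in pool


def diagnose(client_addr, dst, pool=VIRTUAL_POOL,
             phase2_local=PHASE2_LOCAL, other_networks=(DMZ,)):
    """Summarise the checks for one client -> destination flow."""
    candidates = list(phase2_local) + list(other_networks)
    return {
        "client_in_pool": client_source_ok(client_addr, pool),
        "dst_in_tunnel_selector": covered_by_phase2(dst, phase2_local),
        "pool_overlaps": [str(n) for n in pool_conflicts(pool, candidates)],
    }


if __name__ == "__main__":
    # 192.168.1.12 is the poster's DNS/WINS server and is inside the LAN
    # selector; a DMZ host is outside it, so it is unreachable by design.
    for dst in ("192.168.1.12", "192.168.99.10"):
        print(dst, diagnose("192.168.115.5", dst))
```

With the poster's values the pool does not overlap LAN or DMZ and LAN hosts are inside the selector, so these two classic causes are ruled out; the remaining candidates are on the client side (the Windows IKEv2 client's route installation) or in how the packets are forwarded once decrypted, which pfSense's IPsec log (strongSwan's charon output) shows when its log level is raised.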