IPSec VPN Internal access



  • Hoping someone can assist.

    I have IPsec VPN setup for my mobile phone.  I have my mobile phone setup for "Always-On" VPN.

    Works great from outside the network.  No issues.  Problem is, with "Always-On" VPN, it's just that..  Always on…  So, when I join my Wifi (From internal), it VPN's just fine, can ping external IP's like 8.8.8.8, but can't ping internal IP's.  Any clue what would cause this and how to fix this?

    Again, works fine if I'm external.  Can ping my internal clients without a problem.  It's only when I VPN from internal.

    Thanks!



  • what do you see in the logs if you debug the connection?



  • @BlueKobold:

    So, when I join my Wifi (From internal)

    So if you are using it from internal or the LAN side you will need to set up something like NAT redirection
    or also called Hairpin NAT, then it will be just running as excepted.

    Never heard of Hairpin NAT :(.

    If you are referring to NAT Reflection, I already have that enabled and set for NAT+PROXY.  Otherwise, if that's not what you are referring to, can you point me in the right direction to setup NAT Redirection/Hairpin NAT?

    Thank you!



  • @BlueKobold:

    If this will not help oyu out then you should better disable at home the VPN part if you are
    connecting to your home network internally.

    I followed the directions from: https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks, however, this isn't my problem.  So NAT Redirection isn't the problem here (at least I don't think)….  I can't even ping my internal IP's by IP number...



  • @BlueKobold:

    If this will not help oyu out then you should better disable at home the VPN part if you are
    connecting to your home network internally.

    Really?  So because I didn't understand what you were talking about, you quit helping??  How RUDE!!!!


Log in to reply