How to access pfSense LAN/OPT subnets from mobile devices?



  • Hi, All

    I have successfully setup my iPhone/iPad wirelessly connect to my pfSense box using IPSec VPN, no issue accessing the internet. However, my iphone/ipad can't access NAS on 192.168.1.0/24 (LAN) subnet or VOIP Webui on 192.168.2.0/24 (OPT) subnet behind pfSense router.

    The firewall rules for IPSec set to allow any source to any destination. Outbound rules for IPSec VIP (192.168.6.0/24) was set properly.

    What am I missing?  Thanks.



  • What is the destination network for your VPN.  You can try setting it to 0.0.0.0/0



  • @kapara:

    What is the destination network for your VPN.  You can try setting it to 0.0.0.0/0

    It was LAN subnet, but changed to "network", 0.0.0.0/0,  didn't work and failed connecting to the internet.



  • My pfSense box is currently using DNS Resolver,  Does IPSec VPN work with DNS Resolver?



  • are you accessing VPN to your device from a wifi connection or mobile?  If your phone is on a wifi that is also 192.168.1.0 then I think the phone will not pass the traffic across the VPN as it will see that subnet as a local subnet to the phone.  I never use 192.168.1.0 as it is sooo heavily used in most places.  I use 172.20.20.0. Or 10.20.x.xas these are uncommon.



  • @kapara:

    are you accessing VPN to your device from a wifi connection or mobile?  If your phone is on a wifi that is also 192.168.1.0 then I think the phone will not pass the traffic across the VPN as it will see that subnet as a local subnet to the phone.  I never use 192.168.1.0 as it is sooo heavily used in most places.  I use 172.20.20.0. Or 10.20.x.xas these are uncommon.

    My wifi was in a 192.168.111.0/24 range, while my pfSense LAN was in a 192.168.1.0/24 range, and OPT was in a 192.168.2.0/24 range. shouldn't be a problem, but iphone/ipad just can't access pfSense box 's LAN/OPT subnets. the IPSec VIP was in a 192.168.6.0/24 range.

    IPhone/iPad (192.168.111.aaa) ->Netgear R7000 router-> ISP Modem 1 –>Internet-->ISP Modem 2->pfSense (IPSec)-> NAS (192.168.1.xxx), VOIP (192.168.2.yyyy)



  • Is this a clean install or an upgrade?  What version are you running?



  • Guessing your mobile P2 doesn't include those subnets, so the clients aren't sending that traffic over the VPN.



  • @kapara:

    Is this a clean install or an upgrade?  What version are you running?

    Using 2.2.6, this was the first time to set up IPSec



  • Solved by adding multiple P2s, one for LAN, one for OPT.


Log in to reply