IPSec Mobile Client Full Tunnel issue



  • Hello,

    I have two pfSense boxes that have IPSec site-to-site set up, and it works fine. On both I have also set up IPSec mobile clients, which work great.
    However, sometimes I want to be able to have a full tunnel for the mobile clients and route all my traffic to the other site. The pfSense documentation says:
    Phase2: "Local Network: (the local network, e.g. LAN, or 0.0.0.0/0 to send everything over VPN)" and I did that but still no luck. What am I doing wrong?



  • You need to add an additional p2 for the mobile IPSec policy with the remote subnet.



  • @kapara:

    You need to add an additional p2 for the mobile IPSec policy with the remote subnet.

    For remote subnet, do you mean the subnet where I am or where I'm connecting to?



  • Subnets need to be referenced at both ends so that traffic knows how to return.



  • Your mobile VPN needs another p2 so that the mobile IPSec knows about the remote network. It does not get that from the point to point.