Topic: Can't connect to or ping LAN hosts using IPsec mobile VPN

andrew_241
Can't connect to or ping LAN hosts using IPsec mobile VPN
« on: November 25, 2017, 05:48:06 pm »
Hello!

I'm new to using pfSense as a VPN server. I finally got it configured with IKEv2 and am able to successfully connect, but I can't ping any other host on the LAN. I have Phase 2 -> Network set to '0.0.0.0/0', and internal IPs are in the 192.168.1.x range. The mobile clients are given one of these private IPs. The firewall is set to allow IPsec connections from any to any. The pfSense router is the default gateway for the LAN.

Also, is there a way to have my DHCP server (Windows Server) assign IP addresses to the VPN clients under this configuration?

Thanks!

andrew_241
Re: Can't connect to or ping LAN hosts using IPsec mobile VPN
« Reply #1 on: November 26, 2017, 01:02:20 pm »
I ran a packet capture with Wireshark, and it looks like no packets from the mobile client are hitting the LAN. The only packets I see referencing the mobile client's internal IP address are ARP requests: "Who has (mobile client internal IP)? Tell (IP address of Windows Server providing DNS and DHCP)."

andrew_241
Re: Can't connect to or ping LAN hosts using IPsec mobile VPN
« Reply #2 on: November 27, 2017, 10:23:49 am »
I found the problem: under VPN -> IPsec -> Mobile Clients under 'Client Configuration', the 'Virtual Address Pool' has to be a completely different network address than the internal IP addresses I was using. This tip is on one of the how-to pages, and it looks like I overlooked a step. I also learned that there isn't a way yet to have the DHCP server assign IP addresses to VPN clients.
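
Added example, not part of the original posts and not pfSense code: a small Python check that flags a Virtual Address Pool overlapping the LAN and shows how a LAN host delivers its reply in each case, which is consistent with the ARP requests seen in the capture. The /24 mask, the host addresses 192.168.1.10 and 192.168.1.1, the client address 192.168.1.200 and the replacement pool 10.10.10.0/24 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def overlapping_lans(pool_cidr, lan_cidrs):
    """Return the LAN subnets that the mobile-client virtual pool overlaps."""
    pool = ipaddress.ip_network(pool_cidr, strict=False)
    return [c for c in lan_cidrs
            if pool.overlaps(ipaddress.ip_network(c, strict=False))]

def reply_path(lan_host_if, client_ip, default_gw):
    """How a LAN host sends its reply to a VPN client address.

    If the client address falls inside the host's own subnet, the host
    treats it as on-link and ARPs for it; the reply never reaches the
    firewall, so it never enters the tunnel. Otherwise the host hands
    the packet to its default gateway, which can route it into IPsec.
    """
    iface = ipaddress.ip_interface(lan_host_if)
    client = ipaddress.ip_address(client_ip)
    if client in iface.network:
        return ("arp", str(client))
    return ("gateway", default_gw)

def audit(pool_cidr, lan_cidrs, lan_host_if, default_gw, sample_client_ip):
    """Combine both checks into one finding for a given pool setting."""
    clashes = overlapping_lans(pool_cidr, lan_cidrs)
    path = reply_path(lan_host_if, sample_client_ip, default_gw)
    return {"pool": pool_cidr, "overlaps": clashes,
            "reply_via": path[0], "ok": not clashes and path[0] == "gateway"}

if __name__ == "__main__":
    # Constructed sample values (see the lead-in); LAN is 192.168.1.x as in the thread.
    lan = ["192.168.1.0/24"]
    server_if = "192.168.1.10/24"   # a LAN host, e.g. the DNS/DHCP server
    gw = "192.168.1.1"              # the firewall's LAN address
    # Pool inside the LAN range: replies are ARPed for, not routed.
    print(audit("192.168.1.192/26", lan, server_if, gw, "192.168.1.200"))
    # Pool in a separate network: replies go to the gateway and into the tunnel.
    print(audit("10.10.10.0/24", lan, server_if, gw, "10.10.10.5"))
```
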