PFSense IPSec connection established, wan works, lan not


The problem was that the VPN virtual address pool was inside the real subnet. So if the server (or any device in the LAN) tries to respond to that request, it doesn't use the gateway, because it searches (ARP request) in the local LAN.

So I just changed the VPN virtual address pool from 10.0.40.0 /24 to 10.40.0.0 /24 and everything is working fine now.

Packet capture on the PFSense box and tcpdump of ICMP packets on the server side led me to this solution.
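The answer's explanation can be checked with a small script: a LAN host only forwards a reply to its default gateway when the destination is outside its own on-link prefix, so a VPN pool carved out of the LAN prefix makes hosts ARP for VPN clients that are not on the wire. The code below is an added illustration, not something from the thread or from pfSense; the addresses are the ones the poster gives (home LAN 10.0.0.0/16 with pfSense at 10.0.200.1, the server at 10.0.100.1, the failing pool 10.0.40.0/24 and the working pool 10.40.0.0/24), and the function names are my own.

```python
import ipaddress
from typing import Iterable, List

# Constructed from the values in the thread (assumed layout, not a real config dump):
LAN_NETWORKS = ["10.0.0.0/16"]          # pfSense LAN, mask 255.255.0.0
SERVER_IFACE = "10.0.100.1/16"          # the pinged server, same /16
BAD_POOL = "10.0.40.0/24"               # original mobile-client pool (inside the LAN)
GOOD_POOL = "10.40.0.0/24"              # pool after the fix (outside the LAN)


def next_hop(host_iface: str, dst: str) -> str:
    """Mimic a LAN host's forwarding decision when it answers `dst`.

    If `dst` falls inside the host's own connected prefix, the host treats it
    as on-link and sends an ARP request instead of using its default gateway.
    Returns "on-link" or "gateway".
    """
    iface = ipaddress.ip_interface(host_iface)
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"      # ARP for dst; a VPN client will never answer
    return "gateway"          # handed to pfSense, which routes it into the tunnel


def check_vpn_pool(local_networks: Iterable[str], pool: str) -> List[str]:
    """Return every local network that overlaps the proposed VPN virtual pool.

    An empty list means the pool is safe: LAN hosts will route replies to the
    gateway rather than trying to resolve VPN client addresses with ARP.
    """
    pool_net = ipaddress.ip_network(pool, strict=False)
    return [
        net for net in local_networks
        if ipaddress.ip_network(net, strict=False).overlaps(pool_net)
    ]


if __name__ == "__main__":
    # Reply from the server (10.0.100.1) to a VPN client in each pool.
    for pool, client in ((BAD_POOL, "10.0.40.1"), (GOOD_POOL, "10.40.0.1")):
        conflicts = check_vpn_pool(LAN_NETWORKS, pool)
        print(f"pool {pool}: reply to {client} goes {next_hop(SERVER_IFACE, client)}; "
              f"overlaps {conflicts or 'nothing'}")
```

Run it before committing a mobile-client pool: any non-empty result from `check_vpn_pool` means the same silent failure the thread describes (tunnel up, WAN reachable, LAN hosts never reply).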

Author by Kevin Urbainczyk


Updated on September 18, 2022

Comments

  • Kevin Urbainczyk
    Kevin Urbainczyk over 1 year

    I want to set up a VPN service on top of my PFSense box at home. PFSense is configured and working fine for my home network.

    The problem is that I can only access WAN addresses over the VPN tunnel and no device/address in the home LAN.

    I've checked for missing/blocking firewall rules; there is no blocking rule, and the firewall logs also don't print out any blocked traffic from the affected IPs. All traffic that comes over the VPN tunnel has access to 0.0.0.0 /0, which should mean WAN+LAN, right?

    If I do a packet capture on the PFSense box and trigger a ping from the VPN client PC, the packet capture outputs:

    21:26:10.355756 (authentic,confidential): SPI 0xcd64b046: IP 10.0.40.1 > 10.0.100.1: ICMP echo request, id 1, seq 7219, length 40

    Some configuration values below:

    Network diagram picture - not embedded due to insufficient reputation

    PFSense box at home:

    IP: 10.0.200.1

    MASK: /16 (255.255.0.0)

    This box is the main router in the network (gateway).

    VPN Setup (PFSense box at home):

    IPSec - Mobile Clients:

    Provide a virtual IP address to clients - Checked

    Virtual IP address Pool: 10.0.40.0 / 24

    Provide a list of accessible networks - Checked

    IPSec - Phase2, local network: 0.0.0.0 /0

    Any ideas where the issue could be?