Hello,
I read the following guides:
https://docs.opnsense.org/manual/how-tos/ipsec-road.html
https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-eapradius.html
https://docs.opnsense.org/manual/how-tos/ipsec-rw-android.html#ikev2-eap-mschapv2-or-eap-radius
I also read the following topics on the same problem I have:
https://forum.opnsense.org/index.php?topic=11340.0
https://forum.opnsense.org/index.php?topic=19404.0
https://github.com/opnsense/core/issues/3751
Accessing the LAN works without problems, but I can't get my IPsec clients to access the internet over the VPN.
Greetings,
Dobi
Here are the IPsec settings.
Here is some status information.
I found the solution. See attached file.
No need for NAT, no need for Reflection as described in some topics.
:'( I just followed your settings, but it does not work. Could you give me some hints?
My settings:
1. Firewall -> IPsec -> IPv4 * * * * *
2. Firewall -> WAN -> IPv4 ESP * * WAN address * * (then 500, 4500)
3. Firewall -> NAT -> hybrid -> WAN IPv4 10.10.8.0/24 * * * WAN address
4. IPsec -> Mobile Clients -> Virtual Address Pool -> 10.10.8.0/24
5. IPsec -> Mobile Clients -> DNS server -> 8.8.8.8
6. IPsec -> Tunnel Settings -> Proposal 1 follows the wiki
7. IPsec -> Tunnel Settings -> Proposal 1 follows the wiki (local network follows yours: 0.0.0.0/0)
Now it has no internet access, only LAN. I have no idea how to fix it. Could you give me some advice?
Quote from: Dobi on September 16, 2021, 05:00:00 PM
I found the solution. See attached file.
No need for NAT, no need for Reflection as described in some topics.
Thanks a lot for the solution, Dobi. I've spent several hours already looking for it.
One additional step for anyone who will also try this solution: in the Firewall Rules section for IPsec, you should add an inbound any-to-any rule so that the traffic is allowed back. After I did this, together with the solution proposed by Dobi, everything worked like a charm.
Once again, thanks a lot, Dobi!!!
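Added example, not from anyone in this thread: a small Python checker that reads saved output of `swanctl --list-sas`, `pfctl -sr` and `pfctl -sn` from the OPNsense box and reports which of the three conditions discussed above is missing, namely a CHILD_SA whose server-side selector is 0.0.0.0/0, an inbound any-to-any pass rule on the IPsec interface (enc0), and an effective outbound NAT rule (automatic or manual) that covers the client pool. The sample command outputs, the interface names em0/enc0 and the pool 10.10.8.0/24 are constructed for the example.

```python
import ipaddress
import re
# Constructed sample of `swanctl --list-sas` for one road-warrior client (not taken from the thread).
SAMPLE_SAS = """\
mobile: #3, ESTABLISHED, IKEv2, 0a1b2c3d_i 4e5f6a7b_r*
  remote 'alice' @ 198.51.100.7[4500] EAP: 'alice'
  mobile: #5, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-128/ECP_256
    local  0.0.0.0/0
    remote 10.10.8.1/32
"""
# Constructed samples of `pfctl -sr` (filter rules) and `pfctl -sn` (effective NAT, automatic or manual).
SAMPLE_RULES = """\
pass in quick on em0 proto udp from any to (em0) port = 4500 keep state label "IKE NAT-T"
pass in quick on enc0 inet from any to any flags S/SA keep state label "IPsec any-to-any"
"""
SAMPLE_NAT = "nat on em0 inet from 10.10.8.0/24 to any -> (em0) port 1024:65535\n"
TS_RE = re.compile(r"^\s+(local|remote)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s*$", re.M)
def child_selectors(sas_text):
    """(local_ts, remote_ts) per installed CHILD_SA; quoted IKE identities do not match TS_RE."""
    pairs, cur = [], {}
    for side, cidr in TS_RE.findall(sas_text):
        cur[side] = ipaddress.ip_network(cidr)
        if "local" in cur and "remote" in cur:
            pairs.append((cur["local"], cur["remote"]))
            cur = {}
    return pairs
def ipsec_pass_rule_present(rules_text, iface="enc0"):
    """True if an inbound any-to-any pass rule exists on the IPsec interface (enc0 on OPNsense)."""
    return bool(re.search(rf"^pass in .*\bon {iface}\b.*from any to any", rules_text, re.M))
def nat_covers_pool(nat_text, pool):
    """True if an effective outbound NAT rule has a source of 'any' or a network containing the pool."""
    pool = ipaddress.ip_network(pool)
    for m in re.finditer(r"^nat on \S+ .*\bfrom (\S+) to ", nat_text, re.M):
        src = m.group(1)
        try:
            if src == "any" or pool.subnet_of(ipaddress.ip_network(src, strict=False)):
                return True
        except ValueError:  # "(em0)" or a table name rather than a network: skip it
            pass
    return False
def diagnose(sas_text, rules_text, nat_text, pool="10.10.8.0/24"):
    """Findings explaining why a client reaches the LAN but not the internet (empty = all good)."""
    findings = []
    if not any(loc.prefixlen == 0 for loc, _ in child_selectors(sas_text)):
        findings.append("no CHILD_SA with server-side selector 0.0.0.0/0: internet traffic is not tunnelled")
    if not ipsec_pass_rule_present(rules_text):
        findings.append("no inbound any-to-any pass rule on enc0: decrypted client packets are blocked")
    if not nat_covers_pool(nat_text, pool):
        findings.append(f"no effective outbound NAT rule covers {pool}: internet replies cannot return")
    return findings
```

Feed it the real command outputs saved to files on the firewall; an empty result means all three conditions hold and the remaining suspects are the client's own split-tunnel settings or the Phase 2 local network.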