OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: khodaeifard on February 17, 2018, 12:41:14 am

Title: Mobile IPSec split tunnel not working
Post by: khodaeifard on February 17, 2018, 12:41:14 am
Hello there!

I think this is a pretty normal and maybe even boring question! :) But I'll give it a try.
I have configured Mobile IPSec on version 18.1 and have no problem connecting to the VPN with macOS or iOS. I have access to my local LAN, but I have no internet access! Not even from OPNsense internet access. In fact, I want to have split tunnel, with only local network traffic going through the VPN, and have my own internet access. I have configured P2 with my LAN IP address but it is not working. Also enabled "network list" in Mobile IPSec settings! :(
Just in case: I use IKEv1.
Looks like the route works just fine for the local network:
Code:
charon: 15[IKE] CHILD_SA con1{16} established with SPIs c00e4c5a_i 07d91bed_o and TS 192.168.100.0/24 === 192.168.200.1/32

Any idea would be appreciated. :)
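
Added example, not part of the original post: a small parser for the charon `CHILD_SA ... established` line quoted above that reports whether the gateway negotiated a split tunnel (specific subnets) or a full tunnel (a `/0` selector). The function names and the second sample line are constructed for illustration, and the handling of several space-separated selectors and of a `[proto/port]` suffix is an assumption about other charon output, not something shown in the thread.

```python
import ipaddress
import re

# Matches the charon line format quoted in the post above.
CHILD_SA_RE = re.compile(
    r"CHILD_SA (?P<conn>\S+?)\{\d+\} established with SPIs \S+ \S+ "
    r"and TS (?P<local>.+?) === (?P<remote>.+)$"
)

def parse_selectors(field):
    """Turn a space-separated traffic selector list into ip_network objects."""
    nets = []
    for token in field.split():
        # Assumption: drop an optional [proto/port] suffix, e.g. 10.0.0.0/24[tcp/443].
        cidr = token.split("[", 1)[0]
        nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets

def classify(line):
    """Return (conn, mode, local_nets) for a CHILD_SA line, or None if no match."""
    m = CHILD_SA_RE.search(line.strip())
    if not m:
        return None
    local = parse_selectors(m.group("local"))
    # A /0 selector on the gateway side means every destination matches the SA.
    full = any(n.prefixlen == 0 for n in local)
    return m.group("conn"), "full" if full else "split", local

# First line is the one from the post; the second is constructed for contrast.
SAMPLE = [
    "charon: 15[IKE] CHILD_SA con1{16} established with SPIs c00e4c5a_i "
    "07d91bed_o and TS 192.168.100.0/24 === 192.168.200.1/32",
    "charon: 09[IKE] CHILD_SA con1{17} established with SPIs c1a2b3c4_i "
    "0d0e0f10_o and TS 0.0.0.0/0 === 192.168.200.2/32",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        result = classify(entry)
        if result:
            conn, mode, nets = result
            print(conn, mode, ", ".join(str(n) for n in nets))
```

For the line from the post this reports `split` with `192.168.100.0/24`, so the SA itself only covers the LAN; traffic to other destinations is not matched by it.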
Title: Re: Mobile IPSec split tunnel not working
Post by: le-luetz on September 13, 2018, 08:57:29 am
Hi khodaeifard.

Did you get this to work at least?

We are facing the same problem. Until yesterday our workaround was to route all the traffic through the tunnel, even the internet traffic, although we did not really want this. Now yesterday we updated our OPNsense from a really old release - 16.x I think - to the current stable version 18.7, and at the moment we aren't even able to provide internet access while the IPsec tunnel is up. We need to get a solution for this; we have to do both: work remotely in the office LAN and have internet access.

Are there any ideas to get this to work? Any help is appreciated. Thx. Lutz.
Title: Re: Mobile IPSec split tunnel not working
Post by: le-luetz on September 13, 2018, 10:54:10 am
Hi there.

Got it working for me. Very helpful was this post from schnipp:

https://forum.opnsense.org/index.php?topic=9478.msg43057#msg43057

The NAT-Rule was missing.
Still all the traffic goes through the firewall...but better than nothing. ;)

Thx.
Title: Re: Mobile IPSec split tunnel not working
Post by: iamatt on September 18, 2018, 05:14:33 pm
Hello, new here. I am using OPNsense with IPsec and the native Android client using basic xauth and PSK since it's just me. I had a similar issue, but in the Android client advanced settings I added my home LAN as a route. The option in the native Android client is grayed out and says not used, but I put it in there anyway. That fixed all of my split horizon issues, or so it seems. I can access my home LAN and whatismyip.com still shows my att data network IP from my phone.