OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • [SOLVED] IPsec mobile client no internet access
« previous next »
  • Print
Pages: [1]

Author Topic: [SOLVED] IPsec mobile client no internet access  (Read 9081 times)

payback007

  • Newbie
  • *
  • Posts: 20
  • Karma: 1
    • View Profile
[SOLVED] IPsec mobile client no internet access
« on: January 28, 2019, 12:32:32 am »
Dear all,

I trying to setup an IPsec VPN connection, the channel is working, access of local network is possible but I can't connect to the internet, means if VPN connection is enabled, browsing to the internet is not possible.

Is it any topic of rule definition or is this a matter of DNS / network configuration?
« Last Edit: February 05, 2019, 06:09:19 pm by payback007 »
Logged

payback007

  • Newbie
  • *
  • Posts: 20
  • Karma: 1
    • View Profile
Re: IPsec mobile client no internet access
« Reply #1 on: February 05, 2019, 06:08:22 pm »
    In the meanwhile I found the solution, unfortunately only be combining several different posts along the internet.

    1) manual IPsec-LAN rule set on outbound NAT
    • outbound NAT rule with selection "IPsec net" as source -> no difference, IPsec net (defined as 10.0.0.0/24 for mobile clients) seems not to connected to IPsec net as defined
    • second try with outbound NAT rule with selection "10.0.0.0/24" as source -> working perfect
    • all additional rules for EPS / Port 500 / Port 4500 and IPsec net are defined as mentioned in the wiki

    overall it seems that automatic outbound NAT rule generation is not working properly and IPsec net is not combined with the virtual address pool as defined in the IPsec application.

    2) definition of DNS for mobile clients
    • use OPNsense-IP for DNS for mobile clients
    • other DNS services would work as well but then not all the internet queries are going through the VPN connection I think

    3) unbound DNS
    • put IPsec net manually to access list for network 10.0.0.0/24

    4) adjust firewall advanced settings
    • enable "Reflection for port forwards"
    • enable "Reflection for 1:1"
    • enable "Automatic outbound NAT for Reflection"

    5) it is now possible for me to use IPsec with a "road warrior for mobile clients" and a "IP site-to-site" tunnel in parallel
    • access to internet from mobile device via Cisco IPsec client is now possible
    • access to local LAN is now possible via Cisco IPsec client

    Maybe there is an easier way, but I found no other working solution for IPsec. OpenVPN was tested as well and is much more easier, but OpenVPN is not possible for all my clients.
Logged

payback007

  • Newbie
  • *
  • Posts: 20
  • Karma: 1
    • View Profile
Re: [SOLVED] IPsec mobile client no internet access
« Reply #2 on: February 05, 2019, 06:10:13 pm »
By the way: it is the same behaviour using 18.7 or 19.1
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • [SOLVED] IPsec mobile client no internet access
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2