[Solved]: Setup IPSec Road Warrior as per documentation - no internet

Started by Pocket_Sevens, October 02, 2020, 03:42:53 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 02, 2020, 03:42:53 AM Last Edit: October 02, 2020, 04:40:58 AM by Pocket_Sevens
Good evening all.

I have followed the instructions in the documentation on how to set up IPSec VPN for Road Warrior.  While I can reach the internal network once connected to the VPN, none of my devices are able to access the internet while connected to the VPN.

Any advice would be greatly appreciated.  Screen shots of my Mobile and Phase 1 tunnel setup attached.
October 02, 2020, 03:43:30 AM #1
Phase 2 and firewall rule setup.
October 02, 2020, 04:40:34 AM #2
Figured out the issues:

1. The firewall rule for IPsec needs to have a destination of any (as opposed to the LAN net as per the documentation).
2. Need to create an Outbound NAT rule for the ip addresses of the IPsec net.  NOTE: cannot use "IPsec net" - it won't work.  Need to use the ip addresses.
3. In the Mobile Clients setup, I assigned three DNS servers: one for the OPNsense firewall and 2 for Cloudfare DNS.
4. In Unbound access lists, set the IPsec net ip addresses as allowed to access.

All screenshots enclosed.
Print
Go Up Pages1
User actions