Bug #6599

closed

Routing problem with IKE v2

Added by Bruno Grossmann over 8 years ago. Updated over 8 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 07/10/2016
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

Following a suggestion to use IKE v2 instead of L2TP/IPsec, I have set up an IKE v2 IPsec connection following https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
I am able to connect to the VPN but I must be missing something because I cannot connect to machines on my LAN subnet.
My P2 configuration is tunnel IPv4 as per instructions and I have set my local network to my LAN. My LAN subnet is on 10.0.0.0/24 and the virtual address pool for my mobile client is 192.168.128.0/24. Once connected, when I ping a machine on the LAN subnet, I see the ping request coming in from the virtual address pool address and I see the reply going to the same IP.
tcpdump on LAN machine 10.0.0.2:

22:26:48.426110 IP 192.168.128.1 > 10.0.0.2: ICMP echo request, id 1, seq 81, length 40
22:26:48.426328 IP 10.0.0.2 > 192.168.128.1: ICMP echo reply, id 1, seq 81, length 40
22:26:53.334732 IP 192.168.128.1 > 10.0.0.2: ICMP echo request, id 1, seq 82, length 40
22:26:53.334753 IP 10.0.0.2 > 192.168.128.1: ICMP echo reply, id 1, seq 82, length 40
22:27:58.453157 IP 192.168.128.1 > 10.0.0.2: ICMP echo request, id 1, seq 83, length 40
22:27:58.453400 IP 10.0.0.2 > 192.168.128.1: ICMP echo reply, id 1, seq 83, length 40

On my client machine, I do not get the reply back.

Note that I have tried setting the local network to 0.0.0.0/0 and I was able to ping hosts on the internet, but still no luck with my LAN machines.

#1

Updated by Chris Buechler over 8 years ago

  • Status changed from New to Not a Bug
  • Affected Version deleted (2.3.1)

Please post to the forum for assistance, this isn't a bug.
