24th February 2017
scrummie02
Port Guard
 
Join Date: Nov 2011
Posts: 27
Can't reach local network via IPSEC

I have an OpenBSD L2TP IPSEC tunnel created and I can connect to it fine; however, when I try to browse the local network I cannot. Here is my ipsec.conf file:
Code:
ike passive esp transport \
  proto udp from xx.xx.xx.xx to any port 1701 \
  main auth "hmac-sha1" enc "aes" group modp1024 \
  quick auth "hmac-sha1" enc "aes" group modp1024 \
  psk "VerySecretPassword"
Here is my pf.conf:
Code:
ext_if2 = "enc0"
vpn_if = "pppx"
vpn_net = "10.0.0.0/24"

# allow esp protocol
pass in on $ext_if2 proto esp

# allow udp connections for isakmp and ipsec-nat-t
pass in on $ext_if2 proto udp to port { isakmp, ipsec-nat-t }

# allow all IPSec traffic
pass on enc0 keep state (if-bound)

# allow all traffic in the VPN network
pass on $vpn_if from $vpn_net
# allow all traffic out to the VPN network
pass on $vpn_if to $vpn_net

# nat outgoing connections over the internet interface to allow internet usage
match out on $ext_if2 from $vpn_net nat-to ($ext_if2) set prio (3,4)
It doesn't seem to allow me to browse my local network. I can connect just fine, but it doesn't seem to route my traffic to the local LAN. Is there something I'm missing?

Last edited by ocicat; 24th February 2017 at 06:03 PM. Reason: Please use [code] & [/code] tags when posting file contents.
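A small added diagnostic (not from the poster or from OpenBSD) that expands the pf.conf macros above and lists which interfaces actually carry rules referencing the VPN network, so a rule set like this one can be checked for the interfaces it never mentions. The pf.conf text is a constructed copy of the posted one, and the LAN interface name `em0` is an assumption: the post names no internal interface.

```python
import re

# Constructed copy of the pf.conf fragment posted in the thread (comments omitted).
PF_CONF = """
ext_if2 = "enc0"
vpn_if = "pppx"
vpn_net = "10.0.0.0/24"
pass in on $ext_if2 proto esp
pass in on $ext_if2 proto udp to port { isakmp, ipsec-nat-t }
pass on enc0 keep state (if-bound)
pass on $vpn_if from $vpn_net
pass on $vpn_if to $vpn_net
match out on $ext_if2 from $vpn_net nat-to ($ext_if2) set prio (3,4)
"""

MACRO_RE = re.compile(r'^(\w+)\s*=\s*"?([^"\n]+?)"?$')


def parse_pf(text):
    """Return (macros, rules); $macro references in rules are expanded."""
    macros, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        expanded = re.sub(r"\$(\w+)", lambda mm: macros.get(mm.group(1), mm.group(0)), line)
        rules.append(expanded)
    return macros, rules


def interfaces_touching(rules, net):
    """Interfaces (taken from 'on <if>') whose rules mention the given network."""
    seen = set()
    for r in rules:
        m = re.search(r"\bon\s+\(?([A-Za-z]+\d*)\)?", r)
        if m and net in r:
            seen.add(m.group(1))
    return seen


def lan_rules_for_vpn(text, lan_if):
    """True if some rule on lan_if (assumed LAN interface name) references vpn_net."""
    macros, rules = parse_pf(text)
    return lan_if in interfaces_touching(rules, macros["vpn_net"])


if __name__ == "__main__":
    macros, rules = parse_pf(PF_CONF)
    print("rules mentioning", macros["vpn_net"], "sit on:", sorted(interfaces_touching(rules, macros["vpn_net"])))
    print("LAN interface em0 (assumed name) has VPN rules:", lan_rules_for_vpn(PF_CONF, "em0"))
```

For the posted rule set the only interfaces that ever see the VPN network are pppx and enc0, which is the first thing to compare against the interface the LAN hosts actually sit behind.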