Hello Jim, On Wed., Feb. 06, 2013, Jim Pingle wrote: >On 2/6/2013 3:26 PM, [email protected] wrote: >> Can you clarify 'cannot be inside of the LAN subnet' please? Should >> I disable 'Virtual Address Pool' in VPN/IPSec/Mobileclients or change >> it from 192.168.1.48/29 to a foreign (not inside LAN) subnet? >> >Virtual Address Pool is the mobile IPsec client subnet supplied by >modeconfig. If you specified a virtual address pool, you specified a >mobile IPsec client subnet. > >That cannot overlap your LAN subnet or any other subnet currently in >use. Your local PCs are sending ARP to find the IP as it's part of a >local subnet, but it's not local, it's on the VPN. > >Use a unique subnet for the virtual address pool and it will probably work. > There were lots of other problems (so no it didn't work.) But your basic premise was correct, and the other things were not ARP/modeconfig related. It seemed to me that since there were no visible routes, tunnels, or virtual nics, the modeconfig had to be inside the target LAN. That was the mistake, and thanks for pointing it out.
Regards, Michael _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
