IPsec IKEv2 Always On VPN

Good morning.
I have a couple of questions regarding the IKEv2 config for mobile clients with pfSense, using managed iOS devices with the Always On VPN profile.

The tunnel has been set up correctly and is working. I can access the LAN from anywhere I connect: Wi-Fi, cellular data, and mobile hotspots.

The problem is that when I connect to the tunnel from the same LAN where the tunnel's endpoint is, I cannot access some of the LAN devices (IP cameras, VNC, ping). I can access the IPs of the IP cameras, but it won't connect when using the standard IP camera app (Hik-Connect).

The second problem is related to the first one, in that I cannot connect locally to any devices to transfer content over the local Wi-Fi network.

I know this is an issue with the Always On VPN because it works when the VPN isn't on the device.

The Always On blocks all traffic by default when not connected, but why wouldn't I be able to access any LAN devices? This is only when I'm connected behind the same WAN where the tunnel ends.

I am not sure there is a way to make that work. We normally don’t use a VPN when inside the network.

It is for managed devices that require an always on VPN.

Are there any alternatives you can suggest apart from using mobile data every time I’m within the local network?


I use OpenVPN at home internally for all Wi-Fi devices; it has no issues connecting to my network.

I am intentionally forcing an always on VPN to my devices.

I don’t use IPsec, but I can confirm that at least with OpenVPN internally to the network I can access all resources. Perhaps you could try with OpenVPN and see if you can obtain the results you want.

@neogrid - When I’m connected to my network, OpenVPN will not connect. Is there a firewall rule I need to set up? I do have this rule, which I thought would cover it…

No dice.

On my network, I run several VLANs; my OpenVPN server rules are basically similar to my VLAN rules. Perhaps your NAT or how you export your certificates needs to be inspected more closely.