Routing between pfSense Subnets and IPSec VPN

Solution 1

It took me some time, but here is the answer: edit the P2 in pfSense, set Local Network to "Network 10.0.2.0/24" (the network where the clients actually reside) and set NAT/BINAT translation to "Network 10.0.125.0/24".

So the VPN tunnel will be established between the remote network and 10.0.125.0/24, but the clients from 10.0.2.0/24 can connect and are NATed via this option.

I only tested this when the connection is initialized from my side; I don't know if the remote site can establish the connection.
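
To make the NAT/BINAT behaviour above concrete, here is an added example (not from the original thread): it takes the P2 values quoted in this question (local 10.0.2.0/24, BINAT 10.0.125.0/24, remote 10.172.0.0/16) and computes which outbound flows match the tunnel's traffic selector and what source address the remote side will see, so you know which address to expect in the remote firewall's rules and logs. The 1:1 host-bit mapping mirrors how a network BINAT translates addresses; the helper names are my own.

```python
from ipaddress import ip_address, ip_network

# Constructed from the thread: the P2 as configured in Solution 1.
P2 = {
    "local": ip_network("10.0.2.0/24"),    # where the clients really live
    "binat": ip_network("10.0.125.0/24"),  # what the remote peer sees
    "remote": ip_network("10.172.0.0/16"), # remote side of the tunnel
}


def binat_translate(addr, src_net, dst_net):
    """1:1 network BINAT: keep the host bits, swap the network prefix.

    Works in both directions (outbound src translation and inbound dst
    untranslation) as long as both networks share a prefix length.
    """
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("BINAT networks must have the same prefix length")
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    host_bits = int(addr) - int(src_net.network_address)
    return ip_address(int(dst_net.network_address) + host_bits)


def classify_outbound(src, dst, p2=P2):
    """Return (matches_tunnel, translated_source) for a packet leaving the LAN.

    Only flows whose real source is in the P2 local network and whose
    destination is in the remote network enter the tunnel; everything else
    follows normal routing and is never translated.
    """
    src, dst = ip_address(src), ip_address(dst)
    if src not in p2["local"] or dst not in p2["remote"]:
        return False, None
    return True, binat_translate(src, p2["local"], p2["binat"])


def untranslate_reply(dst, p2=P2):
    """Map a reply arriving for the BINAT address back to the real LAN host."""
    return binat_translate(ip_address(dst), p2["binat"], p2["local"])


if __name__ == "__main__":
    # The flow asked about in the question: 10.0.2.27 -> 10.172.0.119
    print(classify_outbound("10.0.2.27", "10.172.0.119"))
    print(untranslate_reply("10.0.125.27"))
```

The remote peer still needs its own P2 for 10.0.125.0/24, which is exactly what the existing tunnel already carries; only the local pfSense side changes.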

Solution 2

Duplicate your existing P2 (click the + to the right of it), change local from 10.0.2.0/24, leaving the same 10.172.0.0/16 remote. Do the same, flipping local and remote, on the "other router." Then you'll be able to communicate between them.

Solution 3

You can have more than one P2. You should have two phase 2 entries on both sides, one per block.


Author: W4rlock (Sys/Netadmin)

Updated on September 18, 2022

Comments

  • W4rlock
    W4rlock almost 2 years

    I have a pfSense router, which is the endpoint of a site-to-site IPSec VPN. In the pfSense the main LAN interface is 10.0.2.1/24 and it has a virtual IP 10.0.125.1/24.
    The IPSec Phase 2 connects the 10.172.0.0/16 (from the other side) to the 10.0.125.1/24 network.
    Now I want to connect to an IP on the other side, but from an IP in the 10.0.2.0/24 network.

    So the desired connection is 10.0.2.27 to 10.172.0.119.
    I tried to add 10.0.125.1 as a gateway in the pfSense and route all traffic to the other network over it; when I did so I could ping the other side from the pfSense host but not from the 10.0.2.0/24 network.
    I tried to add Outbound NAT, but that didn't help either.

    What am I doing wrong?

  • W4rlock
    W4rlock almost 9 years
    Thanks for that, but the problem is that I don't have access to the other side, so my question is if I can NAT that traffic through the pfSense. But outbound NAT didn't work (or I made it wrong).
  • Chris Buechler
    Chris Buechler almost 9 years
    If you only need egress traffic to that VPN, yes. Add another P2 only on your side, make the NAT subnet 10.0.2.0/24 and local 10.0.125.0/24.
  • chicks
    chicks about 7 years
    Welcome to ServerFault. Did you read the other answers?
  • sjas
    sjas about 7 years
    You really should have two phase 2 entries; it simplifies configuration, debugging and troubleshooting even if the functionality really were the same.