Netgate Discussion Forum

    "All" VLAN traffic over IPSec site to site

    Routing and Multi WAN
    • a.dresner

      Thank you in advance for support/advice.

      I have 2 locations, Primary and Remote

      Goal: Have a WiFi SSID that is connected to a VLAN at the remote site, so that when a user connects to that WiFi, all the traffic is routed over the IPsec VPN to the Primary location and out over its WAN connection.

      Already done: Basic config of pfSense at Primary and Remote
      VLANs done (pfSense, UniFi)
      WiFi done (UniFi)
      IPsec connection between Primary and Remote done

      So while I can connect to the VLAN/WiFi on the remote site, ping from Remote to Primary, and access resources at the Primary from the Remote over the WLAN/VLAN, the default gateway for internet activity is still the local gateway at the Remote site. How can I force "all" traffic on that VLAN over the remote gateway? In other words, if I pull up a website or open an app, it should go through the remote gateway at the Primary site.

      Thank you

      • milenkoc

        This is exactly what I'm trying to achieve in my setup.

        As far as I understand, you will need to set up a Routed (VTI) IPsec VPN in order to be able to set this up. There is no way to set up IPsec Phase 2 so that the remote network includes everything except local addresses (which you will still want to be routed locally and not through the VPN).

        Once you have the Routed IPsec connection working, you will be able to assign it to a dedicated interface and then use the associated gateway for policy-based routing.

        Routed IPSec VPN connection

        Policy Based Routing

        • a.dresner @milenkoc
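        A constructed pf rule fragment, added here and not taken from either poster or from pfSense's generated ruleset, showing the policy-based routing milenkoc describes at the Remote site: destinations in the local networks are passed with no gateway, and everything else from the VLAN is forced through the VTI gateway. The interface names, the VLAN subnet, the contents of the local-networks table and the VTI peer address are assumptions.

```pf
# Constructed example of the Remote-site pf rules that pfSense's firewall
# rules on the VLAN interface produce for policy-based routing.
# All names and addresses here are assumptions:
#   vlan10      = the WiFi VLAN interface at the Remote site (192.168.10.0/24)
#   ipsec1000   = the routed (VTI) IPsec interface, assigned as an interface
#   10.200.0.1  = the Primary side's VTI address, i.e. the VTI gateway
table <local_nets> { 192.168.10.0/24, 192.168.1.0/24 }

# 1. Traffic to networks that must stay local (other LANs/VLANs at the
#    Remote site) is passed WITHOUT a gateway, so the normal routing table
#    handles it. This rule must sit above the catch-all below.
pass in quick on vlan10 inet from 192.168.10.0/24 to <local_nets> keep state

# 2. Everything else from the VLAN is handed to the VTI gateway. route-to
#    forces only the outbound path; replies follow the state entry.
pass in quick on vlan10 inet from 192.168.10.0/24 to any \
    route-to (ipsec1000 10.200.0.1) keep state

# Without rule 1, rule 2 would also push local-destination traffic into the
# tunnel: that is the "all except local" case a Phase 2 selector cannot
# express, which is why the VTI plus policy routing is needed.
#
# Two things still have to exist on the Primary side for the Internet path
# to work: a firewall rule on its IPsec/VTI interface allowing traffic from
# 192.168.10.0/24, and an outbound NAT rule on its WAN covering
# 192.168.10.0/24 (automatic outbound NAT only covers the Primary's own
# local networks, so hybrid or manual outbound NAT is required).
```

In the pfSense GUI this is the same as two firewall rules on the VLAN interface: one to the local networks with the gateway left at default, placed above a catch-all rule with the VTI gateway selected.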

          @milenkoc

          You are right about the VTI. I even hired a company (one of the big YouTube channels) to help and they couldn't get it to work right. There might be an issue with IPsec, or so they said.

          They ended up setting up OpenVPN for me in the end and it's working.

          Just wondering if I will get better performance over IPsec or WireGuard.

          • milenkoc

            I have found a solution to make this work for me. I've posted the solution to my particular issue in the other thread. You can check it out to see if it works for you, that is, if you're still interested in seeing how much performance improvement you can get with IPsec vs. OpenVPN.

            Routing through Routed (VTI) IPsec connection

            • a.dresner @milenkoc

              @milenkoc Thank you very much.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.