Netgate Discussion Forum

IPSec route priority

    fabio.grasso
    last edited by Jul 29, 2016, 3:31 PM

    Hello,
    I've a static route for 10.0.0.0/8. Then I've configured an IPSec tunnel for 10.177.101.64/26.

    The traffic for 10.177.101.64/26 is not routed via the IPSec tunnel but with the gateway of the static route. I've found that if I disable the static route my VPN works fine.

    As a workaround I've created a static route for 10.177.101.64/26 using 127.0.0.1 as gateway. By doing this the traffic for 10.177.101.64/26 is directed to the IPSec tunnel.

    Since I had to create some IPSec tunnels, is there a way to give priority to an IPSec tunnel in the routing table?

    I was looking for something like metrics but I've not found anything similar.

    I'm using pfSense 2.3.2

    Thanks for your help
    Fabio

      mannyjacobs73
      last edited by Sep 30, 2016, 6:28 AM

      Hi Fabio,

      Did you ever find a solution regarding the metric / priority to route your traffic?

      Thanks,

        fabio.grasso
        last edited by Sep 30, 2016, 6:43 AM

        @mannyjacobs73:

        Did you ever find a solution regarding the metric / priority to route your traffic?

        No, I'm still using the workaround

          mannyjacobs73
          last edited by Sep 30, 2016, 11:30 AM

          Ok, thanks.

          Seems the only way to prioritize routes 'normally' is to use a routing protocol / process as it's possible with static routes in *BSD.

          I'm not sure if this would sort your particular issue out anyway though..

          Just a thought… by routing via the loopback, don't you risk bypassing the firewall rules inadvertently?  ---> I may be completely wrong with this...

            Maddin
            last edited by Oct 18, 2016, 7:29 PM

            Hello,

            I have the very same problem as stated in the first post from "fabio.grasso".
            From my understanding the IPSEC traffic should be intercepted before any routing is applied.
            And like this it is working in 5 of my 6 pfSense boxes, but not on one.
            All pfSenses are on 2.3.2 release and all routing and all IPSEC-tunnels are of the same kind (different ip-ranges of course).
            Just box #6 has this problem, resulting in asymmetric routing, because its tunnel partner does not have the problem.
            I disable the 10.0.0.0/8 route and traffic through the tunnel works, by adding it again the ipsec-routing is broken again….

            I have no idea why it happens just on 1 box and it makes me a bit nervous to see such an inconsistent behaviour.

            Thanks a lot for sharing a solution (Remote-IPSEC-Lan routing via "Null4 - 127.0.0.1")
            But should I apply this patch now also to the working ones?

            Kind regards

            Maddin
