Netgate Discussion Forum

    IPsec allow only individual hosts to use internet connection from Site A

      vm_machina

      Hello Forum

      I configured a site-to-site VPN via IPsec on my two pfSense boxes.
      I figured out how to let this subnet reach the other, or even use the "Routing Internet Traffic Through a Site-to-Site IPsec Tunnel" recipe described here:
      https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-route-internet-traffic.html

      Site B is able to use the Internet from Site A.
      What I am trying to achieve is that only individual hosts route internet traffic through Site A.
      Everyone else should only be able to reach the local network on the other side; the internet should continue to go out via the local gateway.
      I tried to make a P2 for a single host and put the other hosts in their own P2 connection, without success.
      How can I achieve this?

        viragomann @vm_machina

        @vm_machina
        I don’t think that you can achieve that with a policy-based IPsec P2.

        You can turn it into a VTI and then policy route the upstream traffic of desired IPs over to the remote site.

          vm_machina @viragomann

          @viragomann

          Thank you for your answer.
          Do you have a guide ready, or a how-to on how this is configured?

            viragomann @vm_machina

            @vm_machina
            It's explained in the pfSense docs: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routed-vti.html

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.