redirect to PFsense IPsec tunnel endpoint which has public IP
-
I have got a working IPsec connection where the Remote subnet has a non internet IP address (105.x.y.z/25).
Trying to access this address of course leads to the public internet.
How can I redirect all requests to 10X.x.y.z/25 to the IPsec tunnel (and within that to the Local Subnet of the connected side)? (Of course the "real" 10X.x.y.z/25 addresses will not be reachable anymore.)
-
@admin_axx
Directing a public IP range through the tunnel is generally the same as a private one. If it is a policy-based IPsec, put 10X.x.y.z/25 into the remote network field in the phase 2 and, at the remote site, into the local network field. Then pfSense should route this subnet through the tunnel.
-
The tunnel itself (phase 1 and phase 2) is working with the settings you have mentioned.
The problem is that PFsense is not routing this subnet through the IPsec tunnel in case the remote network has a public IP address.
For all my tunnels with 10.x.y.z addresses it is working. But in the case of 10X.x.y.z/25 I can see, using traceroute, that it goes directly to the IP address in the public internet.
-
@admin_axx
Is it a policy-based tunnel or a VTI? If it is policy-based and the subnet is not routed through the tunnel, the phase 2 doesn't work. Maybe something is wrong in the settings.
You can verify the log.
-
@viragomann
It is a policy-based tunnel (Tunnel IPv4). Phase 2 is working (status connected).
Status->SystemLogs->IPsec has no corresponding entries.
But you said "and the subnet is not routed through the tunnel": This is exactly the problem - how to do this? As there are no such options in the IPsec tunnel settings ("NAT/BINAT translation" should not be the corresponding option.)
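A way to check the point the thread turns on, namely whether pfSense has actually installed an outbound SPD entry covering the remote subnet, is to match a flow against the kernel SPD dump. This is an added example, not code from the thread or from pfSense; the SPD text is constructed in the style of `setkey -DP` output on FreeBSD/pfSense, and all addresses are documentation ranges, not the poster's.

```python
import ipaddress
import re

# Constructed sample in the style of `setkey -DP` on pfSense (FreeBSD).
# It holds the policies a working 10.x phase 2 installs: an "out" entry
# for local -> remote and an "in" entry for the reverse direction.
# There is deliberately NO entry for the public stand-in subnet
# 192.0.2.128/25, which plays the role of the thread's 10X.x.y.z/25.
SAMPLE_SPD = """\
192.168.1.0/24[any] 10.20.30.0/24[any] any
\tout ipsec
\tesp/tunnel/203.0.113.10-198.51.100.20/unique#16385
\tspid=3 seq=1 pid=1234
\trefcnt=1
10.20.30.0/24[any] 192.168.1.0/24[any] any
\tin ipsec
\tesp/tunnel/198.51.100.20-203.0.113.10/unique#16385
\tspid=4 seq=0 pid=1234
\trefcnt=1
"""

# Selector line: "<src>[port] <dst>[port] <proto>"; the next line holds the direction.
SELECTOR_RE = re.compile(r"^(\S+?)\[\S+\]\s+(\S+?)\[\S+\]\s+\S+$")


def parse_spd(text):
    """Return (src_net, dst_net, direction) tuples from an SPD dump."""
    policies = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = SELECTOR_RE.match(line)
        if not m:
            continue
        direction = lines[i + 1].strip().split()[0] if i + 1 < len(lines) else "?"
        src = ipaddress.ip_network(m.group(1), strict=False)  # hosts parse as /32
        dst = ipaddress.ip_network(m.group(2), strict=False)
        policies.append((src, dst, direction))
    return policies


def outbound_policy_for(policies, src_ip, dst_ip):
    """Longest-match the outbound SPD for a flow. None means no IPsec policy
    applies, so the packet follows the routing table; for a public destination
    that is the default route to the internet, which is what traceroute shows."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    best = None
    for s_net, d_net, direction in policies:
        if direction != "out" or src not in s_net or dst not in d_net:
            continue
        if best is None or d_net.prefixlen > best[1].prefixlen:
            best = (s_net, d_net)
    return best
```

On a real box, feed the output of `setkey -DP` (Diagnostics > Command Prompt) to `parse_spd`; if the public remote subnet never appears as an "out" destination, the phase 2 selector is not what the GUI suggests, which is the first thing to compare against the remote side's local network field.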