Change local source ports of IPsec tunnels
-
I have a VPN vendor where they will support multiple P1 connections but the requirement is that I change the source port on my side. The context is that each connection on the remote side can only support X amount of throughput, but by adding multiple tunnels to the same remote destination IP, I can get double the bandwidth. Routes are shared between pfSense and the remote with BGP and utilize ECMP.
Is it possible to have multiple P1 connections to the same destination IP and use different local source ports for each connection? If it's not possible in the UI, I'm open to any file-based modifications as a workaround.
For example:
Connection 1 P1 to remote IP uses the standard local 4500 port
Connection 2 P1 to remote IP uses a custom local port of 4501
Thanks!
-
@baketopher
I have forwarded a different port (2001) to the NAT-T port that IPsec is listening on.
However, this requires that the remote site initiates the connection.
If you want to initiate the connection from your site, a different remote IP or port would be required, so you can define an outbound NAT rule to translate the source IP to something else.
I didn't find another way to use different local ports for multiple connections.
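As an added illustration (not part of the reply above, and not rules pfSense itself generated), the two NAT rules the reply describes look roughly like this when written as raw pf rules of the kind pfSense renders into /tmp/rules.debug from the Firewall > NAT pages. The interface name, addresses and the vendor's second endpoint are assumptions chosen for the example:

```pf
# Added example: hand-written pf equivalents of the two pfSense NAT rules
# discussed in the reply. Assumed values (not from the thread):
#   em0           = WAN interface
#   203.0.113.10  = primary WAN address, where the IKE daemon listens on UDP 500/4500
#   203.0.113.11  = an extra WAN virtual IP used as the source for the second tunnel
#   198.51.100.1  = the vendor's first IPsec endpoint
#   198.51.100.2  = the vendor's second endpoint (a different remote IP, as the reply requires)
ext_if  = "em0"
wan_ip  = "203.0.113.10"
wan_vip = "203.0.113.11"
peer1   = "198.51.100.1"
peer2   = "198.51.100.2"

# Case 1: the remote side initiates. Expose the NAT-T listener on an extra
# port (2001 in the reply) by redirecting it to the real listener on 4500,
# and only accept it from the known peer.
rdr on $ext_if proto udp from $peer1 to $wan_ip port 2001 -> $wan_ip port 4500
pass in quick on $ext_if proto udp from $peer1 to $wan_ip port 4500

# Case 2: the local side initiates. Traffic to the vendor's second endpoint
# leaves from the virtual IP instead, so the vendor sees two distinct local
# endpoints. IKE (500) and NAT-T (4500) must both be translated; static-port
# keeps the UDP source port unchanged so IKE/NAT-T still line up.
nat on $ext_if proto udp from $wan_ip to $peer2 port { 500, 4500 } -> $wan_vip static-port
```

To confirm what is actually loaded after applying the rules from the UI, `pfctl -sn` lists the active nat/rdr rules and `pfctl -ss | grep 4500` shows the translated states once a tunnel negotiates. Restricting the rdr rule to the peer's address, rather than `any`, keeps the extra listener port from being reachable by arbitrary hosts.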