How to route traffic over ipsec vpn?

acidrop

Hello everyone!

I've successfully connected 2 different networks with 2 pfsense machines running on both sides through IPSec VPN.
The question is how can i route specific traffic from network A to a pc on network B through the VPN?
For example suppose tha net A uses 192.168.1.0/24 range and net B 10.1.1.0/24 range and i want to route 10.2.0.0./16 traffic from 192.168.1.4 pc on net A to a linux box router 10.1.1.2 on the net B..i tried something like this on the pc of net A: route add 10.2.0.0 mask 255.255.0.0 10.1.1.2 -p but it tells me that this gateway lies on a different network…

thank you

mickeybyte

Hi,

when routing, you must always give up the next hop router at your own network

e.g.:

net A <====VPN TUNNEL====> net B <router> net C

where:
net A = 192.168.1.0/24
net B = 10.1.1.0/24
net C = 10.2.0.0/16
then gateway to 10.2.0.0 on net A should 192.168.1.x (pfSense LAN ip in net A)
of course you will need to tell pfSense somewhere that not only 10.1.1.0/24 is at the other end of the tunnel, but also 10.2.0.0 (don't know exactly how you can do this, don't have any ipsec tunnels running up here)

MickeyByte

sullrich

Install routes in System -> Static Routes

acidrop

Hi again and thnx for the response!

I tried the static routes but when i go to select the interface it has only LAN,WAN,PPTP and OPT1 but not IPSEC,so how can i put this static route?
destination i put 10.2.0.0/16 but as gateway what sould i put?(i want to reach 10.1.1.2 as gateway)

My default gateway on net A is 192.168.1.1 and on net B 10.1.1.1

mickeybyte

Guess that should be the next router to that network, so 10.1.1.2 (if that is the router to you 10.2.0.0 network)

diegote

Please, some help!!!
I have followed all the tutorials that I've found in PFSense and mOnO site.
I have configured just like that, and there is no tunnel. I look into SAD tab and nothing, but into SPD show me both records.
Somebody has a working example? Please send it or tell where I can read or download.
Thanks a lot.
Diego

@acidrop:

Hello everyone!

I've successfully connected 2 different networks with 2 pfsense machines running on both sides through IPSec VPN.
The question is how can i route specific traffic from network A to a pc on network B through the VPN?
For example suppose tha net A uses 192.168.1.0/24 range and net B 10.1.1.0/24 range and i want to route 10.2.0.0./16 traffic from 192.168.1.4 pc on net A to a linux box router 10.1.1.2 on the net B..i tried something like this on the pc of net A: route add 10.2.0.0 mask 255.255.0.0 10.1.1.2 -p but it tells me that this gateway lies on a different network…

thank you

hoba

I answered that at the m0n0 list a long time ago in a galaxy far far away: http://www.m0n0.ch/wall/list/showmsg.php?id=160/29
It's the same situation with pfSense atm. Using static routes across VPN-Tunnels doesn't work yet.