    IPSEC route ALL traffic over IPSEC connection

    • GruensFroeschli

      Can't you just set the default gateway for pfSense to the other side of the tunnel?

      (or a static route for 0.0.0.0 pointing to the other side)

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      • raupc

        The static route I already tried doesn't solve my problem.

        But where should I fill in the default gateway?

        • GruensFroeschli

          Well, only a single static route wouldn't solve it.
          You also need a static route to the other endpoint over your real connection.
          Otherwise your tunnel goes down the second you put the static route in place.

          Well the static route IS the default gateway ^^"

          But do you really need IPSEC?
          This would be easier with OpenVPN.

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          • raupc

            Unfortunately it has to be IPsec :-\

            But how do I do it with the static routes?

            Can you explain it a little further?

            • raupc

              So okay, maybe I figured it out.

              First I set up a static route

              0.0.0.0 /1 to my real IP address 84.x.x.x

              then a static route

              0.0.0.0 /1 to 192.x.x.x

              but I have to try it.

              • raupc

                Nope, can't get it to work.

                Does anyone have any idea?

                • GruensFroeschli

                  @raupc:

                  First I set up a static route
                  0.0.0.0 /1  to my real ip address 84.x.x.x
                  then a static route
                  0.0.0.0 /1 to 192.x.x.x

                  More like:
                  84.x.x.x to the gateway of your WAN
                  0.0.0.0/0 to the router on the other side of the IPsec connection

                  We do what we must, because we can.

                  Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                  • raupc

                    Hmm, I don't get it.

                    The topology of the network.

                    NetA                                 NetB
                    10.x.x.x                             192.168.1.x
                    wan                                  wan
                    212.x.x.x                            84.x.x.x

                    Net A has to go over the gateway of net B

                    Maybe you can point me where to put the routes.

                    0.0.0.0 /0 is not possible in pfSense, only 0.0.0.0 /1

                    Is there any other way to adjust the routing table of pfSense?

                    • GruensFroeschli

                      Add these static routes:
                      destination: 84.x.x.x/32    gateway: YourISPsGateway
                      destination: 0.0.0.0/1      gateway: 192.168.1.x (router on other side of tunnel)
                      destination: 128.0.0.0/1    gateway: 192.168.1.x (router on other side of tunnel)

                      That's what OpenVPN does behind the scenes.
                      I'm not sure that this works with IPsec too, but I think it should.

                      Also make sure that your firewall rules that allow access from the LAN have * (default) as gateway.

                      We do what we must, because we can.

                      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                      1 Reply Last reply Reply Quote 0
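
Added example, not part of the original posts: a small longest-prefix-match model of the three static routes suggested in the post above, showing why the two /1 routes take precedence over an existing default route and why the /32 host route to the remote endpoint keeps the tunnel's outer packets on the WAN. The addresses are constructed stand-ins for the masked values in the thread, and the model covers routing-table lookup only, not how IPsec selects traffic to encrypt.

```python
import ipaddress

# Constructed stand-ins (documentation ranges) for the thread's masked values.
PEER = "198.51.100.20"     # remote IPsec endpoint (84.x.x.x in the thread)
WAN_GW = "203.0.113.1"     # local ISP gateway
TUNNEL_GW = "192.168.1.1"  # router on the other side (192.168.1.x)


def build_table(with_host_route=True):
    """Routing table after adding the suggested static routes."""
    routes = [
        ("0.0.0.0/0", WAN_GW),       # pre-existing default route
        ("0.0.0.0/1", TUNNEL_GW),    # lower half of IPv4 space
        ("128.0.0.0/1", TUNNEL_GW),  # upper half of IPv4 space
    ]
    if with_host_route:
        routes.append((PEER + "/32", WAN_GW))
    return [(ipaddress.ip_network(net), gw) for net, gw in routes]


def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    net, gw = max(((n, g) for n, g in table if addr in n),
                  key=lambda r: r[0].prefixlen)
    return str(net), gw


def halves_cover_everything():
    """The two /1 prefixes together are exactly 0.0.0.0/0."""
    halves = [ipaddress.ip_network("0.0.0.0/1"),
              ipaddress.ip_network("128.0.0.0/1")]
    return list(ipaddress.collapse_addresses(halves)) == [
        ipaddress.ip_network("0.0.0.0/0")]


def tunnel_survives(table):
    """Outer (encrypted) packets go to PEER and must leave via the WAN."""
    return lookup(table, PEER)[1] == WAN_GW


if __name__ == "__main__":
    for label, table in (("with /32", build_table()),
                         ("without /32", build_table(False))):
        for dst in ("8.8.8.8", "200.1.1.1", PEER):
            print(label, dst, "->", lookup(table, dst))
        print(label, "tunnel survives:", tunnel_survives(table))
```

Without the /32 entry, the lookup for the remote endpoint falls into 128.0.0.0/1 and points back into the tunnel, which is the failure described earlier in the thread.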
                      • raupc

                        Nope, that doesn't do the trick.

                        I'm starting to believe that what I want is not possible.

                        Are there any other firewall/IPsec VPN solutions where all traffic goes over the tunnel by default?
