Netgate Discussion Forum

    IPsec vpn feature suggestion

    Off-Topic & Non-Support Discussion
    5 Posts 2 Posters 672 Views
    • E
      e066377

      I have just completed my first IPsec s2s VPN with 9 Phase 2 tunnels, all of which have a single IP address as the Remote Network. All properties except the Remote Network IP are the same.

      It comes to mind that allowing an Alias for the Remote Network in Phase 2 will greatly simplify the process and decrease the possibility of errors in situations like the one above. We can just create an Alias for the combination of remote IP addresses, enter that Alias in the Remote Network field, and end up with only 1 Phase 2 tunnel for many IP addresses.

      • jimpJ
        jimp Rebel Alliance Developer Netgate

        Or use VTI IPsec and a routing protocol like BGP and don't mess with extra P2s at all. :-)

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • E
          e066377

          One of my requirements was to NAT the whole LAN subnet to a specific public static IP. I tried VTI first, but being new (1 week) to networking and pfSense, routing and NATing were not straightforward for me. And in Tunnel Mode, the NAT/BINAT translation field was waiting there for me to enter my NAT IP.

          • jimpJ
            jimp Rebel Alliance Developer Netgate

            Ah, yeah, VTI and NAT don't get along too well anyhow, so that would hurt your chances as well.

            • E
              e066377

              Same request 8 years ago:
              https://redmine.pfsense.org/issues/946

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.