Netgate Discussion Forum

    IPsec with a transparent firewall

    • mullerit

      Hi,
      I followed the instructions to set up IPsec, but devices cannot connect to it.
      The one thing that is different in my pfSense setup is that I use the firewall in transparent mode (bridged WAN and LAN on OPT1 and do not have NAT, but rather public IPs on both sides of the firewall).

      Is it even possible to get an IPsec tunnel up to this pfSense firewall?

      Thanks for any hints!

      • jimp (Rebel Alliance Developer, Netgate)

        That isn't going to work out of the box because there is no way for the devices on your bridged interfaces to know that the IPsec client traffic needs to return to the firewall. They will address it to their gateway and pfSense won't pick it up.

        You'd have to put a static route on each device on LAN/OPT1 pointing your IPsec client subnet traffic to the firewall. If you only need to reach from IPsec to the LAN/OPT1, you might be able to work around that with manual outbound NAT on LAN/OPT1 to translate the IPsec subnet to the firewall's IP address, but that could still have some quirks.

        In short, it's difficult to tell the firewall to both not be a gateway and also be a gateway.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

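        A way to see the return-path problem jimp describes, as an added example that is not part of this thread (the /24, the gateway, firewall and IPsec pool addresses are all constructed): a longest-prefix-match lookup over a LAN host's routing table shows the reply to an IPsec client leaving toward the upstream gateway instead of pfSense, and shows how each of the two workarounds (a host static route, or outbound NAT to the firewall's own address) changes that.

```python
import ipaddress

# Constructed topology (not from the thread): pfSense bridges WAN and LAN/OPT1
# into one public /24 with no NAT; hosts use the upstream router as gateway.
LAN = ipaddress.ip_network("203.0.113.0/24")         # bridged public subnet
UPSTREAM_GW = ipaddress.ip_address("203.0.113.1")    # hosts' default gateway
PFSENSE_IP = ipaddress.ip_address("203.0.113.2")     # firewall's bridge address
IPSEC_POOL = ipaddress.ip_network("10.200.0.0/24")   # IPsec client pool
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def host_routes(static_route=None):
    """Routing table of a LAN host: connected /24 plus a default route.
    Entries are (network, next_hop); next_hop None means on-link."""
    routes = [(LAN, None), (DEFAULT, UPSTREAM_GW)]
    if static_route is not None:
        routes.insert(0, static_route)
    return routes


def next_hop(routes, dst):
    """Longest-prefix match. Returns the gateway address, or dst itself
    when the matching route is on-link."""
    dst = ipaddress.ip_address(str(dst))
    matches = [r for r in routes if dst in r[0]]
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return gw if gw is not None else dst


def reply_next_hop(client_src, static_route=False, outbound_nat=False):
    """Where a LAN host sends its reply to a packet from an IPsec client.

    static_route: host has 'IPsec pool via pfSense' (jimp's first option).
    outbound_nat: pfSense rewrites the client source to its own bridge
                  address, so the host sees an on-link peer (second option).
    """
    src = ipaddress.ip_address(client_src)
    if outbound_nat:
        src = PFSENSE_IP
    route = (IPSEC_POOL, PFSENSE_IP) if static_route else None
    return next_hop(host_routes(route), src)


if __name__ == "__main__":
    for kw in ({}, {"static_route": True}, {"outbound_nat": True}):
        print(kw or "no workaround", "->", reply_next_hop("10.200.0.5", **kw))
```

Without a workaround the reply goes to the upstream gateway, which never hands it back to pfSense; with either workaround the host's next hop is the firewall.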
        • prod.csio

          Hello,

          I have the same problem.

          @jimp: I don't understand your solution. Can you explain it to me in more detail, please?

          I made a diagram:

          [attached image: 0_1547127650496_pfsense.png]

          Thank you very much if you can help me, because I'm stuck.

          Ludo.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.