IPSec - Set specific external interface
-
Hi All,
I am trying to connect up a new IPsec VPN on my pfSense box, however when I go to choose the interface, I only see the physical interfaces of the device. My WAN interface points to a virtual /29 IP address, thus giving me 5 possible external IPs to use for the connection, however these virtual IPs do not show in the dropdown list for interfaces in the IPsec VPN IKE1 screen, so I am unable to establish the connection out of a specific IP.
Is this possible?
Thanks
-
What type of Virtual IP Addresses did you create when you set up the /29?
To use them with IPsec or other daemons on the firewall, they would have to be IP Alias VIPs or CARP VIPs. Proxy ARP and 'Other' type VIPs cannot be used for binding services on the firewall.
https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-feature-comparison.html
-
@jimp Thanks for the prompt reply!
Yeah, I am using 'other' Virtual IPs so that will explain it - not sure I can use Alias or CARP with my PPPoE connection.
Thanks
-
You should be able to set them as IP Alias VIPs on Localhost, if nothing else. They don't have to be set on the WAN as long as they are routed to the firewall.
-
@jimp Just tried the IP alias, and it messed around with the other range (it just showed the alias as 'IPAddress ()') - would you suggest deleting the 'other' Virtual IPs and using an IP Alias for each address in the range?
When trying to connect via the alias I get the following:
16[NET] error writing to socket: Can't assign requested address
Thanks
-
You shouldn't have two that overlap/conflict. Remove the 'other' type VIPs and make individual IP alias VIPs.
-
@jimp Perfect, works a treat! - thank you for your help!!