Netgate Discussion Forum
    IPSec route priority

    Scheduled Pinned Locked Moved IPsec
    5 Posts 3 Posters 3.1k Views
fabio.grasso:

      Hello,
      I've a static route for 10.0.0.0/8. Then I've configured an IPSec tunnel for 10.177.101.64/26.

      The traffic for 10.177.101.64/26 is not routed via the IPSec tunnel but with the gateway of the static route. I've found that if I disable the static route my VPN works fine.

As a workaround I've created a static route for 10.177.101.64/26 using 127.0.0.1 as gateway. By doing this the traffic for 10.177.101.64/26 is directed to the IPSec tunnel.

Since I had to create some IPSec tunnels, is there a way to give priority to the IPSec tunnel in the routing table?

      I was looking for something like metrics but I've not found anything similar.

      I'm using pfSense 2.3.2

      Thanks for your help
      Fabio

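The behaviour in the post above comes down to how a routing table picks a route: the most specific prefix wins, regardless of the order routes were added or what the gateway is, which is why a /26 pointing at 127.0.0.1 out-ranks the /8. The script below is an added illustration, not code from the thread or from pfSense; it models only the routing-table lookup (whether a packet then matches the IPsec policy is a separate kernel step the thread does not resolve). The gateway addresses and the second phase-2 network are constructed placeholders; only 10.0.0.0/8 and 10.177.101.64/26 come from the post. The `shadowed_phase2` check goes a little beyond the thread: it audits a whole list of phase-2 networks against a static route table, the kind of check someone with several boxes and tunnels would want before and after applying the workaround.

```python
import ipaddress

# Constructed routing table modelled on the thread. Gateways are placeholders
# from the documentation address ranges, not the poster's real addresses.
STATIC_ROUTES = [
    ("0.0.0.0/0", "198.51.100.1"),  # default route (constructed)
    ("10.0.0.0/8", "192.0.2.1"),    # the broad static route from the first post
]

# IPsec phase-2 (remote) networks; only the first one is taken from the thread,
# the second is a constructed example.
PHASE2_NETWORKS = ["10.177.101.64/26", "172.16.40.0/24"]


def lookup(table, dst):
    """Longest-prefix match over a list of (prefix, gateway) pairs.

    The FreeBSD routing table that pfSense uses selects the most specific
    matching prefix; insertion order and the gateway value play no role.
    Returns (prefix, gateway) or None when nothing matches.
    """
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return (str(best[0]), best[1]) if best else None


def shadowed_phase2(table, phase2_nets):
    """Audit check: list phase-2 networks whose traffic a broader, non-default
    static route would capture (the overlap described in the thread).

    The default route is deliberately ignored: the thread reports the tunnels
    work once the specific static route is removed, so only routes more
    specific than 0.0.0.0/0 count as shadowing.
    """
    findings = []
    for p2 in phase2_nets:
        net = ipaddress.ip_network(p2)
        best = lookup(table, str(net.network_address))
        if best and 0 < ipaddress.ip_network(best[0]).prefixlen < net.prefixlen:
            findings.append((p2, best[0]))
    return findings


def apply_workaround(table, phase2_nets):
    """The thread's workaround: add a route for each phase-2 network with
    127.0.0.1 as gateway, so its longer prefix wins over the broad /8."""
    return table + [(p2, "127.0.0.1") for p2 in phase2_nets]


if __name__ == "__main__":
    print("before:  ", lookup(STATIC_ROUTES, "10.177.101.70"))
    print("shadowed:", shadowed_phase2(STATIC_ROUTES, PHASE2_NETWORKS))
    fixed = apply_workaround(STATIC_ROUTES, PHASE2_NETWORKS)
    print("after:   ", lookup(fixed, "10.177.101.70"))
    print("shadowed:", shadowed_phase2(fixed, PHASE2_NETWORKS))
    # Hosts in 10.0.0.0/8 outside the tunnel network still use the /8 route.
    print("other:   ", lookup(fixed, "10.5.5.5"))
```

Run it as-is to see the /26 lose to the /8 before the workaround and win after it, while other 10.0.0.0/8 destinations keep using the static route's gateway. Feeding `shadowed_phase2` the real static routes and phase-2 networks of each box is a quick way to find the overlap on the one box that misbehaves.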

mannyjacobs73:

        Hi Fabio,

        Did you ever find a solution regarding the metric / priority to route your traffic?

        Thanks,

fabio.grasso:

          @mannyjacobs73:

          Did you ever find a solution regarding the metric / priority to route your traffic?

          No, I'm still using the workaround

mannyjacobs73:

            Ok, thanks.

            Seems the only way to prioritize routes 'normally' is to use a routing protocol / process as it's possible with static routes in *BSD.

            I'm not sure if this would sort your particular issue out anyway though..

Just a thought… by routing via the loopback, don't you risk bypassing the firewall rules inadvertently? ---> I may be completely wrong with this...

Maddin:

              Hello,

I have the very same problem as stated in the first post from "fabio.grasso".
              From my understanding the IPSEC traffic should be intercepted before any routing is applied.
              And like this it is working in 5 of my 6 pfSense boxes, but not on one.
              All pfSenses are on 2.3.2 release and all routing and all IPSEC-tunnels are of the same kind (different ip-ranges of course).
Just box #6 has this problem, resulting in asymmetric routing, because its tunnel partner does not have the problem.
I disable the 10.0.0.0/8 route and traffic through the tunnel works; by adding it again, the IPsec routing is broken again.

I have no idea why it happens just on 1 box and it makes me a bit nervous to see such inconsistent behaviour.

Thanks a lot for sharing a solution (Remote-IPSEC-LAN routing via "Null4 - 127.0.0.1").
But should I apply this patch now also to the working ones?

              Kind regards

              Maddin

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.