Roadwarrior IPSec and static routes



  • Hi,
    Running 2.3.3-RELEASE
    Used the Wizard to create IPSec VPN
    Using OSX "Cisco" IPSec client to connect to pfSense

    I have a quite complex home network where I run Layer3 on the switch layer (Juniper EX3300) that terminates all L3 connections. After that I'm running OSPF to my firewall (Juniper vSRX). The Switch has several routing instances.

    However, now I'm trying to access things in the same routing database on my EX3300. However, I can't find any way to push different subnets to my IPSec client.
    The only network that's available is the "LAN" network in pfSense.

    I have a static route to another network with next hop on my EX switch (L3 router), i.e.

    LAN subnet on Pfsense: 10.0.10.0/24
    IPSEC subnet: 10.0.200.0/24
    Static route on pfsense: 10.0.101.0/24 -> 10.0.10.1 (L3 Juniper)
    Static route on Juniper: 10.0.200.0/24 -> 10.0.10.30 (pfsense)

    I can ping my Mac client from my Juniper switch (connected with 3G):
    x@sw-core# run ping 10.0.200.1   
    PING 10.0.200.1 (10.0.200.1): 56 data bytes
    64 bytes from 10.0.200.1: icmp_seq=0 ttl=63 time=339.916 ms
    64 bytes from 10.0.200.1: icmp_seq=1 ttl=63 time=219.385 ms

    However, the routing table on OSX does not contain the network 10.0.101.0/24 - is there a way to add it?
    Changing the network in Phase2 does not help, as I guess it's only on the receiver (pfSense) side?

    Before there was an "advanced" option in the GUI where you can push routes, but that is removed?

    Thanks
    (My first post here)



  • Once I managed to get it to work by using a "default route" as my local network. However it gave different results depending on different versions of OSX and in how the existing routes..

    From what I have read, it looks like pfSense will not be able to accomplish what I want to do here, so I'm currently looking at other options.

