Netgate Discussion Forum

IPSEC tunnels to and from different public IP, but with same local subnets

    cooljimy84
    last edited by Sep 27, 2017, 10:45 AM

    So I've been asked if this is possible; thinking about it, it should be, but I'm no expert.

    Remote sites    PFsense      Server
    192.168.1.X    public IP 1  Server 1
    192.168.1.X    public IP 2  Server 2
    192.168.1.X    public IP 3  Server 3

    So we will terminate all IPSec tunnels on pfSense, via different public IPs, then route back to servers (either on separate LANs or VLANs), then make sure that all comms from that server use that public outbound and that IPSec tunnel for internal comms.

    More details, if you want.
    We have 30 Linux containers, each with their own IPSec VPNs, to separate sites. We want a central place to set up/monitor/change IPSec details.

      jimp Rebel Alliance Developer Netgate
      last edited by Sep 27, 2017, 1:34 PM

      You cannot have multiple tunnels to the same remote network on different firewalls. How would it possibly differentiate between them?

      The remote sites must NAT their local network so that pfSense sees a different network at each location. The details of how that is done vary depending on the type of VPN and what sort of hardware/software is running the VPN at the remote sites.

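jimp's point above, worked through as an added example that is not part of the thread or of pfSense itself: a Python check that finds tunnels whose remote networks overlap and plans a unique 1:1-translated network for each site. The site names and the 172.20.0.0/16 pool are assumptions; the NAT itself is configured on the remote endpoints.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: three remote sites that all use 192.168.1.0/24.
TUNNELS = {
    "site-a": "192.168.1.0/24",
    "site-b": "192.168.1.0/24",
    "site-c": "192.168.1.0/24",
}
# Assumed spare range from which each site gets a unique translated network.
NAT_POOL = "172.20.0.0/16"


def find_overlaps(tunnels):
    """Return pairs of tunnels whose remote networks overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in tunnels.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def plan_nat(tunnels, pool):
    """Assign each conflicting site a unique same-size network from the pool."""
    conflicted = sorted({name for pair in find_overlaps(tunnels) for name in pair})
    used = [ipaddress.ip_network(c) for n, c in tunnels.items() if n not in conflicted]
    plan = {}
    for name in conflicted:
        real = ipaddress.ip_network(tunnels[name])
        for cand in ipaddress.ip_network(pool).subnets(new_prefix=real.prefixlen):
            if not any(cand.overlaps(u) for u in used):
                plan[name] = (real, cand)
                used.append(cand)
                break
        else:
            raise ValueError(f"NAT pool exhausted before {name}")
    return plan


def translate(addr, real, mapped):
    """1:1 NAT: keep the host bits, swap the network bits."""
    offset = int(ipaddress.ip_address(addr)) - int(real.network_address)
    if not 0 <= offset < real.num_addresses:
        raise ValueError(f"{addr} is not in {real}")
    return mapped.network_address + offset


if __name__ == "__main__":
    for site, (real, mapped) in plan_nat(TUNNELS, NAT_POOL).items():
        print(f"{site}: {real} appears to pfSense as {mapped}; "
              f"192.168.1.50 -> {translate('192.168.1.50', real, mapped)}")
```

Each translated network is what the central firewall would use as that tunnel's remote network, so no two tunnels claim the same destination.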
        cooljimy84
        last edited by Oct 5, 2017, 1:34 PM

        I did think that if it worked it would break all routing.

        It was a long shot, as I thought each interface would have its own routing table, so I could have

        192.168.1.0 <<IPSec A nailed to>> 123.123.123.120 <<LAN to>> 10.0.0.0 <<routing rule for outbound IPSec A>>
        192.168.1.0 <<IPSec B nailed to>> 123.123.123.121 <<LAN to>> 10.0.1.0 <<routing rule for outbound IPSec B>>
        192.168.1.0 <<IPSec C nailed to>> 123.123.123.122 <<LAN to>> 10.0.2.0 <<routing rule for outbound IPSec C>>

        All on one pfSense firewall with each
