Netgate Discussion Forum
    IPSEC tunnels to and from different public IP, but with same local subnets

IPsec · 3 Posts 2 Posters 819 Views
cooljimy84

So I've been asked if this is possible; thinking about it, it should be, but I'm no expert.

      Remote sites    PFsense      Server
      192.168.1.X    public IP 1  Server 1
      192.168.1.X    public IP 2  Server 2
      192.168.1.X    public IP 3  Server 3

So we will terminate all IPsec tunnels on pfSense, via different public IPs, then route back to the servers (either on separate LANs or VLANs), then make sure that all comms from each server use that public outbound IP and that IPsec tunnel for internal comms.

      More details, if you want.
We have 30 Linux containers, each with its own IPsec VPN to a separate site. We want a central place to set up/monitor/change IPsec details.

jimp (Rebel Alliance Developer, Netgate)

        You cannot have multiple tunnels to the same remote network on different firewalls. How would it possibly differentiate between them?

        The remote sites must NAT their local network so that pfSense sees a different network at each location. The details of how that is done vary depending on the type of VPN and what sort of hardware/software is running the VPN at the remote sites.

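As an added illustration of the point above (example code, not from jimp, the poster, or pfSense itself): a small Python model of why three tunnels whose phase 2 remote network is the same 192.168.1.0/24 cannot be told apart, and how giving each site a distinct 1:1-NAT'd network (using the 10.0.0.0, 10.0.1.0, 10.0.2.0 addressing from the thread) removes the collision. The tunnel names, the 10.0.0.0/16 pool and the sample host address are constructed for the example.

```python
import ipaddress
from itertools import combinations

# Constructed tunnel table mirroring the thread: three remote sites that all
# use 192.168.1.0/24, each terminating on its own pfSense public IP.
TUNNELS = [
    {"name": "site_a", "wan": "123.123.123.120", "remote": "192.168.1.0/24"},
    {"name": "site_b", "wan": "123.123.123.121", "remote": "192.168.1.0/24"},
    {"name": "site_c", "wan": "123.123.123.122", "remote": "192.168.1.0/24"},
]


def find_selector_collisions(tunnels):
    """Return name pairs whose phase 2 remote networks overlap.

    A packet for an address inside the overlap matches more than one
    tunnel's selector, so the firewall has no way to pick a single SA.
    """
    nets = [(t["name"], ipaddress.ip_network(t["remote"])) for t in tunnels]
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2)
            if na.overlaps(nb)]


def assign_nat_networks(tunnels, pool="10.0.0.0/16"):
    """Hand each site a distinct /24 carved from `pool` (constructed default):
    the network the remote side must 1:1 NAT its LAN to before encrypting."""
    subnets = ipaddress.ip_network(pool).subnets(new_prefix=24)
    return {t["name"]: str(next(subnets)) for t in tunnels}


def translate(host, real_net, nat_net):
    """1:1 (BINAT-style) translation: keep the host bits, swap the network."""
    real, nat = ipaddress.ip_network(real_net), ipaddress.ip_network(nat_net)
    if real.prefixlen != nat.prefixlen:
        raise ValueError("1:1 NAT needs equal-sized networks")
    offset = int(ipaddress.ip_address(host)) - int(real.network_address)
    return str(nat.network_address + offset)


def apply_site_nat(tunnels):
    """Rewrite each tunnel's remote network to its NAT network and return the
    new table; phase 2 on the hub would then carry these distinct networks."""
    nat_for = assign_nat_networks(tunnels)
    return [dict(t, remote=nat_for[t["name"]]) for t in tunnels]
```

Before NAT every pair of tunnels collides; after `apply_site_nat` the list of collisions is empty, and a host such as 192.168.1.50 at site_b is reached as 10.0.1.50.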
cooljimy84

          I did think that if it worked it would break all routing.

It was a long shot, as I thought each interface would have its own routing table, so I could have

192.168.1.0 <<ipsec a nailed to>> 123.123.123.120 <<lan to>> 10.0.0.0 <<routing rule for outbound ipsec a>>
192.168.1.0 <<ipsec b nailed to>> 123.123.123.121 <<lan to>> 10.0.1.0 <<routing rule for outbound ipsec b>>
192.168.1.0 <<ipsec c nailed to>> 123.123.123.122 <<lan to>> 10.0.2.0 <<routing rule for outbound ipsec c>>

All on one pfSense firewall with each

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.