IPsec with a transparent firewall

  • Hi,
    I followed the instructions to setup IPsec but devices can not connect to it.
    The one thing that is different in my PFSense setup is that I use the firewall in transparent mode (bridged WAN and LAN on OPT1 and do not have a NAT, but rather public IP's on both sides of the firewall).

    Is it even possible to get an IPsec tunnel up to this PFSense firewall?

    Thanks for any hints!

  • Rebel Alliance Developer Netgate

    That isn't going to work out of the box because there is no way for the devices on your bridged interfaces to know that the IPsec client traffic needs to return to the firewall. They will address it to their gateway and pfSense won't pick it up.

    You'd have to put a static route on each device on LAN/OPT1 pointing your IPsec client subnet traffic to the firewall. If you only need to reach from IPsec to the LAN/OPT1 you might be able to workaround that with manual outbound NAT on LAN/OPT1 to translate the IPsec subnet to the firewall's IP address, but that could still have some quirks.

    In short, it's difficult to tell the firewall to both not be a gateway and also be a gateway.

  • Hello,

    I have the same problem.

    @jimp : i don't understand your solution. Can you explain me with more details please ?

    I made a schema :


    thank you very much if you can help me because I'm stuck.