Static route to overlapping IPSEC subnet

  • Hello,

    I have a working instance of pfSense 2.4.2 with the following setup:

    • LAN is on (pfsense is
    • I have an IPSEC tunnel through WAN with remote subnet which works fine
    • The LAN network has another router on

    I need to access a network through this second router. This network is (overlapping with IPSec remote subnet).

    On a server in the LAN network (with default gateway set to pfsense (, if I add a route to via (other router), it works fine.

    But when I add this static route in pfSense, I can't access this subnetwork. It seems, looking in Diagnostics / States, that it sends packets through the IPSec interface instead of LAN.

    I also tried to specify a gateway in firewall rules for this subnet without success.

    Is there any way to achieve this setup?

    Thank you very much for your help.



  • LAYER 8 Netgate

    It might work if you use policy-based routing for the destination on the LAN interface, bypassing IPsec.

    It's a big might.

    It sounds like you tried that though. You might want to post what you've tried because, at a minimum, that should at least send the traffic out the correct gateway instead of IPsec.

    That's why it is not recommended you configure large swaths of space like anywhere. Running into conflicts with other sites is pretty much inevitable when you do that.
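    The policy-based routing rule the reply describes, rendered here in pf.conf syntax as an added example (not from either post; pfSense's Firewall > Rules GUI generates route-to rules of this shape when a Gateway is set on the rule). Interface name and all addresses are constructed placeholders, since the thread does not give them.

```conf
# Added example, not from the thread. Placeholders (replace with real values):
#   em1             = LAN interface (assumed name)
#   192.0.2.0/24    = LAN network
#   192.0.2.254     = the second router on the LAN
#   198.51.100.0/24 = network behind the second router, which overlaps the
#                     IPsec phase 2 remote subnet
lan_if   = "em1"
lan_net  = "192.0.2.0/24"
behind   = "198.51.100.0/24"
second_r = "192.0.2.254"

# Placed on the LAN interface, above any rule that would let this traffic
# fall through to the IPsec tunnel. "quick" stops evaluation at this rule,
# and route-to hands the packet to the second router on the LAN interface
# regardless of what the routing table (or a static route) says.
pass in quick on $lan_if inet proto { tcp udp icmp } \
    from $lan_net to $behind \
    route-to ( $lan_if $second_r ) keep state
```

After adding the rule, check Diagnostics / States for a connection to the overlapping network: the state should show the LAN gateway rather than the IPsec interface, which is the symptom the question reports.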
