Static route to overlapping IPSEC subnet
-
Hello,
I have a working instance of pfSense 2.4.2 with the following setup:
- LAN is on 10.1.1.0/24 (pfsense is 10.1.1.244)
- I have an IPSEC tunnel through WAN with remote subnet 192.168.0.0/16 which works fine
- The LAN network has another router on 10.1.1.254
I need to access a network through this second router. This network is 192.168.1.0/24 (overlapping with IPSec remote subnet).
On a server in the LAN network (with default gateway set to pfsense (10.1.1.244)), if I add a route to 192.168.1.0/24 via 10.1.1.254 (other router), it works fine.
But when I add this static route in pfSense, I can't access this subnetwork. It seems, looking in Diagnostic/States, that it sends packets through the IPsec interface instead of LAN.
I also tried to specify a gateway in firewall rules for this subnet without success.
Is there any way to achieve this setup?
Thank you very much for your help.
Regards,
Fred
-
It might work if you use policy-based routing for the 192.168.1.0/24 destination on the LAN interface, bypassing IPsec.
It's a big might.
It sounds like you tried that though. You might want to post what you've tried because, at a minimum, that should at least send the traffic out the correct gateway instead of IPsec.
That's why it is not recommended you configure large swaths of space like 192.168.0.0/16 anywhere. Running into conflicts with other sites is pretty much inevitable when you do that.
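As an added example (not from this thread or from pfSense itself), a small Python model of the behaviour Fred describes: tunnel-mode IPsec in pfSense is policy based, so the phase 2 remote network is checked before the routing table, and a more-specific static route inside that network is never used. The addresses are the thread's; the WAN default gateway and the 172.16.5.0/24 route are constructed placeholders.

```python
"""Model: why a static route cannot override an IPsec phase 2 in pfSense.

Assumption modelled here: outbound traffic that matches a phase 2 remote
network is encapsulated before the routing table is consulted, so a
more-specific static route does not win. Data below is constructed.
"""
from ipaddress import ip_address, ip_network

# Constructed to match the thread: one phase 2 with a /16 remote network,
# a static route pointing a /24 inside it at the second LAN router, and a
# second, non-overlapping route for comparison.
IPSEC_PHASE2_REMOTE = [ip_network("192.168.0.0/16")]
STATIC_ROUTES = {
    ip_network("192.168.1.0/24"): ip_address("10.1.1.254"),
    ip_network("172.16.5.0/24"): ip_address("10.1.1.254"),
}
DEFAULT_GW = ip_address("203.0.113.1")  # placeholder WAN gateway


def next_hop(dst):
    """Return ("ipsec", selector) if an IPsec policy captures dst, else
    ("route", gateway) from longest-prefix match or the default gateway."""
    dst = ip_address(dst)
    # Policy check first: this is the step a static route cannot bypass.
    for selector in IPSEC_PHASE2_REMOTE:
        if dst in selector:
            return ("ipsec", selector)
    best = max((n for n in STATIC_ROUTES if dst in n),
               key=lambda n: n.prefixlen, default=None)
    return ("route", STATIC_ROUTES[best] if best else DEFAULT_GW)


def shadowed_routes():
    """Static routes whose prefix overlaps an IPsec phase 2 remote network:
    these entries will silently never be used for forwarding."""
    return [n for n in STATIC_ROUTES
            if any(n.overlaps(s) for s in IPSEC_PHASE2_REMOTE)]


if __name__ == "__main__":
    print(next_hop("192.168.1.10"))  # goes to IPsec despite the /24 route
    print(next_hop("172.16.5.9"))    # normal static route via 10.1.1.254
    print(shadowed_routes())         # [IPv4Network('192.168.1.0/24')]
```

Running `shadowed_routes()` against a real configuration's phase 2 list and static route table is a quick way to spot exactly the overlap the reply warns about before it bites.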