IPSec on all incoming connections but not outgoing

  • I am new to pfSense, so apologies if this is a basic question, but I can't seem to find the solution on Google.

    I understand IPSec in pfSense is mostly meant to protect a site-to-site connection with a specific IP.

    But is there a way to do something similar to Windows, which allows you to make IPSec mandatory on all incoming connections, but optional (or better, no IPSec at all) on all outgoing connections?

    Basically, I am trying to protect a server with pfSense. I want the server to be able to access the web without IPSec (so that it can update itself), but all clients (which I control) connecting to that server to be forced to use IPSec, whichever IP they come from.

