Enable bypass for LAN interface IP has no effect when supernetting in IPsec P2



  • Hello everyone :)

    I have been looking into pfSense for quite a while now, but I only just stumbled upon the option Auto-exclude LAN address: Enable bypass for LAN interface IP, and found that it has no effect and does not deliver as promised. Hence, I wonder whether I am far off track?

    The issue is: My current setup allows access to my LAN Interface IP (pfSense WebUI) through the IPsec tunnel no matter how the above option is set.

    I have one IPsec connection only, and it is set to use supernetting in IPsec Phase 2 (192.168.0.0/23, locally). My only LAN interface IP address is 192.168.1.1/24. I have a static route set in pfSense to some other gateway for the other local network (192.168.0.0/24). The VPN works like a charm; both local networks can be reached through the tunnel.

    My assumption is that this has to do with supernetting in IPsec P2.


  • Netgate

    Close to the same thing as this:

    https://redmine.pfsense.org/issues/5826



  • Thx - I just registered with redmine and posted a new bug report ticket:

    https://redmine.pfsense.org/issues/8549