Enable bypass for LAN interface IP has no effect when supernetting in IPsec P2

  • Hello everyone :)

    I have been looking into pfSense for quite a while now, but I only just stumbled upon the option "Auto-exclude LAN address: Enable bypass for LAN interface IP" and found it to have no effect and not to deliver as promised. Hence, I wonder whether I am far off the track?

    The issue is: My current setup allows access to my LAN Interface IP (pfSense WebUI) through the IPsec tunnel no matter how the above option is set.

    I have one IPsec connection only and it is set to use supernetting in IPsec Phase 2 (, locally). My only LAN Interface IP address is I have a static route set in pfSense to some other gateway to the other local network (, VPN works like a charm, both local networks can be reached through the tunnel.

    My assumption is that this has to do with supernetting in IPsec P2.

  • LAYER 8 Netgate

    Close to the same thing as this:


  • Thx - I just registered with Redmine and posted a new bug report ticket:

