Netgate Discussion Forum

    gateway routing through 2 ipsec tunnel protocol based

    • L
      luisenrique

      Hello, first of all, sorry about my English.
      I have 2 pfSense servers at 2 different locations, linked by 2 links (main and backup). Between the pfSense boxes I have naked VPN IPsec tunnels.

      Subnet site A: behind pfSense A < IPsec_tunnel1 (main link, 10 Mbps) > pfSense B: subnet site B
      172.32.1.0/24 to 172.16.1.0/24
      172.31.1.0/24 to 172.20.20.0/24
      Subnet site A: behind pfSense A < IPsec_tunnel2 (slow link, 2 Mbps) > pfSense B: subnet site B
      192.168.135.0/24 to 10.10.10.0/24
      X to Y subnet
      For security reasons the IPsec tunnel must exist over any link, so in some situations I have to manually add or modify phase 2 entries to route through a specific link, main or slow, depending. My question is: can I route using a specific gateway to pass specific traffic based on protocol, for example SMTP traffic routed through the tunnel over the slow link and web surfing on the main link? Or is the better way to create only one IPsec tunnel using a gateway group? In the latter case, our interest is to use both links to pass some protocol-based traffic over them.

      • jimpJ
        jimp Rebel Alliance Developer Netgate @luisenrique

        @luisenrique said in gateway routing through 2 ipsec tunnel protocol based:

        For security reasons the IPsec tunnel must exist over any link, so in some situations I have to manually add or modify phase 2 entries to route through a specific link, main or slow, depending. My question is: can I route using a specific gateway to pass specific traffic based on protocol, for example SMTP traffic routed through the tunnel over the slow link and web surfing on the main link? Or is the better way to create only one IPsec tunnel using a gateway group? In the latter case, our interest is to use both links to pass some protocol-based traffic over them.

        That is not currently possible with any released version of pfSense. That said, on version 2.4.4 currently under development we have a new feature for routed IPsec that can support policy routing like you describe. It isn't 100% solid/stable yet, so I wouldn't roll it out in production without testing first, but it will be available in a stable release in a couple months.

        The only catch is that both sides must support routed IPsec, but since both sides are pfSense that should not be a problem for you.

        • L
          luisenrique @jimp

          @jimp that's good news! I have been researching, looking for a solution, and came here to post as a last resort (because of my English writing). Fine, both sides are pfSense, so I'm happy to use it. Meanwhile I will keep the routing policy by hand, statically, by adding hosts or networks according to my needs. Regards

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.