Netgate Discussion Forum

    Mobile IPSec: let the user choose between 0.0.0.0/0 or only our internal net through VPN

      lkolbe

      Hi,

      our mobile users sometimes need to use our VPN for privacy purposes (e.g. in hotels) where all traffic should go through our box.

      At the same time, when they're at home or the distributed offices, they only need some internal nets going through our VPN - having the local subnet of 0.0.0.0/0 cuts them off from their multicast-dns-domains for e.g. TimeMachine backups or the local AppleTV, so the local subnet should be limited to our internal networks. Bonus points if name resolution for our internal domains goes through the pfsense-Nameserver, and all other domains somewhere else.

      I can configure our IKEv2-VPN for either 0.0.0.0/0 or our internal net, but so far I've been unable to implement both ways at the same time on the same external interface.

      Is that even possible? If so, how?
      Kind regards,
      Lukas

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.