4. Mobile IPSec: let the user choose between 0.0.0.0/0 or only our internal net through VPN

Mobile IPSec: let the user choose between 0.0.0.0/0 or only our internal net through VPN

  • L

    Hi,

    our mobile users sometimes need to use our VPN for privacy purposes (e.g. in hotels) where all traffic should go through our box.

    At the same time, when they're at home or the distributed offices, they only need some internal nets going through our VPN - having the local subnet of 0.0.0.0/0 cuts them off from their multicast-dns-domains for e.g. TimeMachine backups or the local AppleTV, so the local subnet should be limited to our internal networks. Bonus points if name resolution for our internal domains goes through the pfsense-Nameserver, and all other domains somewhere else.

    I can configure our IKEv2-VPN for either 0.0.0.0/0 or our internal net, but so far I've been unable to implement both ways at the same time on the same external interface.

    Is that even possible? If so, how?
    Kind regards,
    Lukas

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy