IPSec VLAN Passthrough



  • Hi,

    I am fairly familiar with StrongSwan and its configuration however not having so much luck with pfSense.

    I have a site-to-site VPN setup and each site has 2 VLANs / subnets configured on it. I'm splitting the IPSec tunnel so that only traffic destined for the remote networks passes through the IPSec tunnel.

    Site 1
    10.0.100.0/24
    10.0.10.0/24

    Site 2
    10.10.100.0/24
    10.10.10.0/24

    My issue is I am unsure how to stop the local traffic of the site from also being passed through. When the IPSec tunnel is active I can no longer access any local networks. I know this is due to the setting of my leftsubnet to 10.0.0.0/8, however I will have more remote sites up in the future which will also fall within this subnet.

    I would usually add the following to the strongSwan ipsec.conf. However, I have found doing this in /var/etc/ipsec/ipsec.conf is unreliable as the file is automatically generated.

    conn bypasslan
        leftsubnet = 10.10.0.0/16
        rightsubnet = 10.10.0.0/16
        authby = never
        type = passthrough
        auto = route

    Is there some way I am missing that this is accomplished with firewall rules?

    Cheers
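An added example (not from the post above) that models how the bypass policy interacts with the broad 10.0.0.0/8 tunnel selector: the most specific matching policy wins, which is why a narrower passthrough entry keeps local traffic out of the tunnel while future 10.x sites still go through it. It assumes the conn snippet belongs to Site 2 and uses the subnets from the post; the policy lookup is a simplified model of the kernel's selector matching, not strongSwan's own code.

```python
from ipaddress import ip_address, ip_network

# Constructed from the post, viewed from Site 2.
LOCAL_VLANS = [ip_network("10.10.100.0/24"), ip_network("10.10.10.0/24")]
REMOTE_VLANS = [ip_network("10.0.100.0/24"), ip_network("10.0.10.0/24")]
TUNNEL_SELECTOR = ip_network("10.0.0.0/8")      # leftsubnet / rightsubnet
BYPASS_SELECTOR = ip_network("10.10.0.0/16")    # conn bypasslan


def build_policies(tunnel=TUNNEL_SELECTOR, bypass=BYPASS_SELECTOR):
    """Return (action, src_selector, dst_selector) policies as the
    tunnel conn and the passthrough conn would install them."""
    return [
        ("tunnel", tunnel, tunnel),
        ("passthrough", bypass, bypass),
    ]


def resolve(src, dst, policies=None):
    """Pick the most specific policy matching src->dst (longest combined
    prefix wins). 'plain' means no IPsec policy applies at all."""
    policies = policies or build_policies()
    best = None
    for action, s_sel, d_sel in policies:
        if ip_address(src) in s_sel and ip_address(dst) in d_sel:
            specificity = s_sel.prefixlen + d_sel.prefixlen
            if best is None or specificity > best[0]:
                best = (specificity, action)
    return best[1] if best else "plain"


def check_bypass(bypass=BYPASS_SELECTOR, local=LOCAL_VLANS, remote=REMOTE_VLANS):
    """Sanity-check a passthrough selector: every local VLAN must be inside
    it, and no remote VLAN may be inside it (that traffic would then leave
    the box unencrypted instead of entering the tunnel)."""
    uncovered = [str(n) for n in local if not n.subnet_of(bypass)]
    leaked = [str(n) for n in remote if n.subnet_of(bypass)]
    return {"uncovered_local": uncovered, "remote_in_bypass": leaked}


if __name__ == "__main__":
    for dst in ("10.10.10.7", "10.0.100.9", "10.20.0.1", "192.168.1.1"):
        print(dst, "->", resolve("10.10.100.5", dst))
    print(check_bypass())
```

Running `check_bypass()` with a too-broad selector such as 10.0.0.0/8 reports both remote VLANs as bypassed, which is the failure mode to watch for when the bypass is widened.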