IPSec VLAN Passthrough
DK101 last edited by
I am fairly familiar with StrongSwan and its configuration however not having so much luck with pfSense.
I have a site-to-site VPN setup and each site has 2 vlans / subnets configured on it. I m splitting the IPSec tunnel so that only traffic destined for the remote networks passes through the IPSec tunnel.
My issues is I am unsure how to stop the local traffic of the site from also been passed through. When the IPSec tunnel is active I can no longer access any local networks. I know this is due to the setting of my leftsubnet to 10.0.0.0/8 however I will have more remote sites up in the future which will also fall within this subnet.
I would usually add the following to the strongswan ipsec.conf However I have found doing this in the /var/etc/ipsec/ipsec.conf is unreliable as the file is automatically generated.
conn bypasslan leftsubnet = 10.10.0.0/16 rightsubnet = 10.10.0.0/16 authby = never type = passthrough auto = route Is there someway I am missing that this is accomplished with firewall rules? Cheers