4. IPSec VLAN Passthrough

IPSec VLAN Passthrough

  • D

    Hi,

    I am fairly familiar with StrongSwan and its configuration however not having so much luck with pfSense.

    I have a site-to-site VPN setup and each site has 2 vlans / subnets configured on it. I m splitting the IPSec tunnel so that only traffic destined for the remote networks passes through the IPSec tunnel.

    Site 1
    10.0.100.0/24
    10.0.10..0/24

    Site 2
    10.10.100.0/24
    10.10.10.0/24

    My issues is I am unsure how to stop the local traffic of the site from also been passed through. When the IPSec tunnel is active I can no longer access any local networks. I know this is due to the setting of my leftsubnet to 10.0.0.0/8 however I will have more remote sites up in the future which will also fall within this subnet.

    I would usually add the following to the strongswan ipsec.conf However I have found doing this in the /var/etc/ipsec/ipsec.conf is unreliable as the file is automatically generated.

    conn bypasslan
	leftsubnet = 10.10.0.0/16
	rightsubnet = 10.10.0.0/16
	authby = never
	type = passthrough
	auto = route

Is there someway I am missing that this is accomplished with firewall rules?

Cheers
    0
 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy