4. IPSec VLAN Passthrough

IPSec VLAN Passthrough

  • D

    Hi,

    I am fairly familiar with StrongSwan and its configuration however not having so much luck with pfSense.

    I have a site-to-site VPN setup and each site has 2 vlans / subnets configured on it. I m splitting the IPSec tunnel so that only traffic destined for the remote networks passes through the IPSec tunnel.

    Site 1
    10.0.100.0/24
    10.0.10..0/24

    Site 2
    10.10.100.0/24
    10.10.10.0/24

    My issues is I am unsure how to stop the local traffic of the site from also been passed through. When the IPSec tunnel is active I can no longer access any local networks. I know this is due to the setting of my leftsubnet to 10.0.0.0/8 however I will have more remote sites up in the future which will also fall within this subnet.

    I would usually add the following to the strongswan ipsec.conf However I have found doing this in the /var/etc/ipsec/ipsec.conf is unreliable as the file is automatically generated.

    conn bypasslan
	leftsubnet = 10.10.0.0/16
	rightsubnet = 10.10.0.0/16
	authby = never
	type = passthrough
	auto = route

Is there someway I am missing that this is accomplished with firewall rules?

Cheers
    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy