IPSec VLAN Passthrough

  • Hi,

    I am fairly familiar with StrongSwan and its configuration however not having so much luck with pfSense.

    I have a site-to-site VPN setup and each site has 2 vlans / subnets configured on it. I'm splitting the IPSec tunnel so that only traffic destined for the remote networks passes through the IPSec tunnel.

    Site 1

    Site 2

    My issue is I am unsure how to stop the local traffic of the site from also being passed through. When the IPSec tunnel is active I can no longer access any local networks. I know this is due to the setting of my leftsubnet to however I will have more remote sites up in the future which will also fall within this subnet.

    I would usually add the following to the strongswan ipsec.conf. However, I have found doing this in the /var/etc/ipsec/ipsec.conf is unreliable as the file is automatically generated.

    conn bypasslan
    	leftsubnet =
    	rightsubnet =
    	authby = never
    	type = passthrough
    	auto = route

    Is there some way I am missing that this is accomplished with firewall rules?
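An added illustration, not from the post or from pfSense/strongSwan, of why a wide leftsubnet swallows local traffic and what a passthrough (bypass) policy changes. It models the kernel's security policy lookup with constructed subnets (the post's real addresses are not given) and assumes, as strongSwan does, that passthrough policies are ranked ahead of tunnel policies.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str    # "tunnel" (protect with IPsec) or "passthrough" (bypass IPsec)
    priority: int  # lower value wins; modelled after strongSwan ranking passthrough first

def select_policy(policies, src_ip, dst_ip):
    """Best-ranked policy whose selectors cover the flow, or None (plain routing)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    matches = [p for p in policies if s in p.src and d in p.dst]
    return min(matches, key=lambda p: p.priority) if matches else None

def disposition(policies, src_ip, dst_ip):
    """'tunnel', 'bypass' or 'plain' for one flow."""
    p = select_policy(policies, src_ip, dst_ip)
    if p is None:
        return "plain"
    return "bypass" if p.action == "passthrough" else "tunnel"

# Constructed addresses (the post does not give its subnets): one wide
# aggregate on both sides so future remote sites fit without new phase 2s.
WIDE = ipaddress.ip_network("10.0.0.0/8")
LOCAL_VLANS = [ipaddress.ip_network("10.1.10.0/24"), ipaddress.ip_network("10.1.20.0/24")]
LOCAL_AGGREGATE = ipaddress.ip_network("10.1.0.0/16")  # covers both local VLANs
TUNNEL = [Policy("site-to-site", WIDE, WIDE, "tunnel", priority=100)]

def bypass_policies(nets):
    """One passthrough policy per network, leftsubnet == rightsubnet == net, like conn bypasslan."""
    return [Policy(f"bypass-{n}", n, n, "passthrough", priority=10) for n in nets]

def flows(policies):
    """Disposition of the three flows that matter at this site."""
    return {
        "inter-vlan":  disposition(policies, "10.1.10.5", "10.1.20.5"),
        "to-remote":   disposition(policies, "10.1.10.5", "10.2.0.5"),
        "to-internet": disposition(policies, "10.1.10.5", "203.0.113.9"),
    }

if __name__ == "__main__":
    print("tunnel only:     ", flows(TUNNEL))
    print("per-VLAN bypass: ", flows(TUNNEL + bypass_policies(LOCAL_VLANS)))
    print("aggregate bypass:", flows(TUNNEL + bypass_policies([LOCAL_AGGREGATE])))
```

The per-VLAN run shows the edge case: a passthrough selector of one /24 on both sides only covers traffic that stays inside that /24, so VLAN-to-VLAN traffic still falls into the tunnel policy until the bypass selector spans both local networks.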

