Netgate Discussion Forum
    IPSec VLAN Passthrough

    DK101

      Hi,

      I am fairly familiar with StrongSwan and its configuration; however, I'm not having so much luck with pfSense.

      I have a site-to-site VPN set up and each site has 2 VLANs / subnets configured on it. I'm splitting the IPSec tunnel so that only traffic destined for the remote networks passes through the IPSec tunnel.

      Site 1
      10.0.100.0/24
      10.0.10.0/24

      Site 2
      10.10.100.0/24
      10.10.10.0/24

      My issue is I am unsure how to stop the local traffic of the site from also being passed through. When the IPSec tunnel is active I can no longer access any local networks. I know this is due to the setting of my leftsubnet to 10.0.0.0/8; however, I will have more remote sites up in the future which will also fall within this subnet.

      I would usually add the following to the strongswan ipsec.conf. However, I have found doing this in /var/etc/ipsec/ipsec.conf is unreliable as the file is automatically generated.

      conn bypasslan
      	leftsubnet = 10.10.0.0/16
      	rightsubnet = 10.10.0.0/16
      	authby = never
      	type = passthrough
      	auto = route
      
      Is there some way I am missing that this is accomplished with firewall rules?
      
      Cheers
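Editor's added illustration (not the poster's code and not pfSense or strongSwan code) of why the 10.0.0.0/8 selector swallows local traffic and why a more specific passthrough policy fixes it: overlapping IPsec policies are modelled here as "the most specific matching selector wins", which is a simplification of strongSwan's priority scheme. The tunnel selector pair (10.0.0.0/8 on both sides) is an assumption about the poster's phase 2; the bypasslan subnets are taken from the post above.

```python
"""Model of IPsec policy selection for overlapping selectors.

Assumption: the most specific matching policy (longest combined prefix)
wins, which is how a passthrough policy for a local /16 can override a
tunnel policy for the whole 10.0.0.0/8. Constructed sample, not a real SPD.
"""
from ipaddress import ip_address, ip_network

# Each policy is (local selector, remote selector, action).
# TUNNEL is an assumed site-to-site phase 2; BYPASSLAN is the conn from the post.
TUNNEL = (ip_network("10.0.0.0/8"), ip_network("10.0.0.0/8"), "tunnel")
BYPASSLAN = (ip_network("10.10.0.0/16"), ip_network("10.10.0.0/16"), "passthrough")


def select_policy(src, dst, policies):
    """Return the action of the most specific policy matching (src, dst),
    or 'none' when no selector covers the flow (plain routing applies)."""
    src, dst = ip_address(src), ip_address(dst)
    best, best_len = "none", -1
    for local, remote, action in policies:
        if src in local and dst in remote:
            specificity = local.prefixlen + remote.prefixlen
            if specificity > best_len:
                best, best_len = action, specificity
    return best


def classify_flows(policies):
    """Classify a few constructed flows drawn from the post's subnets."""
    flows = {
        "lan_to_lan": ("10.10.100.5", "10.10.10.5"),      # local VLAN to local VLAN
        "lan_to_remote": ("10.10.100.5", "10.0.100.5"),   # local to remote site
        "lan_to_internet": ("10.10.100.5", "192.0.2.10"), # outside 10/8 entirely
    }
    return {name: select_policy(s, d, policies) for name, (s, d) in flows.items()}


if __name__ == "__main__":
    # With only the /8 tunnel policy, local VLAN-to-VLAN traffic is tunnelled;
    # adding the bypasslan passthrough policy keeps it local.
    print("tunnel only:   ", classify_flows([TUNNEL]))
    print("with bypasslan:", classify_flows([TUNNEL, BYPASSLAN]))
```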
      
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.