Does pfSense need an interface with an IP that matches IPsec tunnel traffic?

  • I have a server that is supported by an outside vendor who requires an IPsec tunnel for support access.

    The server has an IP on the normal LAN network. (

    The vendor has also given it an additional address of

    They want me to set up an IPsec tunnel between and to give them access to the server.

    Does my pfSense box need an active interface on the network?

    Why the second address on the host? If they want to access using from their side you would just NAT the "Phase 2" network.

    Local Network:
    Remote Network:

    They would set up a P2 like this:

    Local Network:
    Remote Network:

  • Interesting, so it would map 1 to 1?

    Any packets sent to would be NATed to

  • So this worked brilliantly! Thank you so much.

