IPsec VPN feature suggestion
-
I have just completed my first IPsec s2s VPN with 9 Phase 2 tunnels, all of which have a single IP address as the Remote Network. All properties except the Remote Network IP are the same.
It comes to mind that allowing an Alias for Remote Network in Phase 2 would greatly simplify the process and decrease the possibility of errors in situations like the above. We could just create an Alias for the combination of remote IP addresses, enter that Alias in the Remote Network field, and end up with only 1 Phase 2 tunnel for many IP addresses.
-
Or use VTI IPsec and a routing protocol like BGP and don't mess with extra P2s at all. :-)
-
One of my requirements was to NAT the whole LAN subnet to a specific public static IP. I tried VTI first, but being new (1 week) to networking and pfSense, routing and NATing were not straightforward for me. And in Tunnel Mode, the NAT/BINAT translation field was waiting there for me to enter my NAT IP.
-
Ah, yeah, VTI and NAT don't get along too well anyhow, so that would hurt your chances as well.
-
Same request 8 years ago:
https://redmine.pfsense.org/issues/946