Policy Based Routing and VPN
-
One simple question: Is pfSense able to do policy based routing with VPN site2site?
Like two sites with one pfSense each, dual WAN at each site and two VPNs at each site. I need to direct traffic from LAN to a specific VPN between sites, based on IP, protocol, port, etc.
Is it possible? I've posted this question several times, with no replies! Can a hero please respond? I would like to migrate a customer that is using a Linux firewall configured by me with iptables to do that policy based routing with OpenVPN.
Thanks a lot.
-
I'm not sure if it's really possible; I would have to try such a setup, but generally with a little hack it should be possible IMO.
Two links is no problem, as long as you don't want the pfSense to failover the VPNs.
If you really need failover, you should be able to get it going with the failover function of OpenVPN itself.
Generally, in a policy routing rule you cannot select a gateway other than the gateways present in the routing table, what you configured on the interface config pages, and the failover/loadbalancing pools.
So you can create a dummy failover/loadbalancing pool and use this one in the rule and then modify it.
@http://forum.pfsense.org/index.php/topic:
1: Create a balancing pool and add a dummy-entry.
2: Download the config.xml and find the part with the info you add.
3: Copy/Paste your dummy entry and fill in the real gateway/monitor IPs. As monitoring IP use one of the immediate hops on your ISP's side.
You cannot have the same monitoring IP for different WANs.
4: Restore the config.xml.
Now your manually added info should show up.
In this example fill in as gateway the other side of the OpenVPN tunnel, and as monitor IP an IP on the other side of the network.
Disclaimer:
I'm not entirely sure this works and I would have to try it out, but I think it should work.