Feature Request- Need multiple Subnets (vpn selectors)



  • I often set up VPNs between sites with multiple subnets behind the firewall, often to separate VoIP traffic. As far as I know there is no way to have multiple subnets on each or any side of a pfSense IPsec VPN. Most non-SOHO VPN gateways will allow this: Adtran, Cisco, Astaro, etc.

    You can't always create multiple VPNs between sites. Many firewalls won't allow it, so interoperability goes out the door.
    Does anyone know if this is going to be allowed in future versions or if it's even possible now? I'm sure that it's probably possible in the underlying code, just that the GUI doesn't allow for it, right?

    Adtran

    Astaro






  • Can you not add static routes for the networks in question with the remote endpoint as the gateway?



  • @ktims:

    Can you not add static routes for the networks in question with the remote endpoint as the gateway?

    But that wouldn't be VPN.



  • I meant to use the remote LAN gateway (192.168.5.1 or whatever), which will still tunnel all the traffic over the VPN. Now that I think about it though I'm not sure it'd even work with the way pfSense does routing over IPsec. Either way, what you're asking for is indeed a slightly different and useful feature.



  • I think it's possible to configure multiple subnets in the future pfSense 2.0 platform.

    Please see : http://devwiki.pfsense.org/v20Todo

    Regards


  • Rebel Alliance Developer Netgate

    Multiple subnets w/IPSec are possible in 1.2.x in a non-obvious way, and there are some issues, but you can try it to see if it works for you:

    http://doc.pfsense.org/index.php/IPSec_with_Multiple_Subnets

    It didn't work for me, but I think that was mainly due to the fact that I was using a mobile tunnel and not a static site-to-site tunnel. The parts of my VPN that needed multiple subnets got moved to an OpenVPN tunnel and have been working happily ever since.



  • @luma:

    I think it's possible to configure multiple subnets in the future pfSense 2.0 platform.

    Wow, finally! That looks promising! Now just have to wait for 2.0…
    Sigh...



  • I think I asked the same thing here http://forum.pfsense.org/index.php/topic,14633.msg77791.html but I didn't describe it as well.

    It will definitely be nice to do it in 2.0! I hope that's what I'm reading on that link.



  • @jimp:

    Multiple subnets w/IPSec are possible in 1.2.x in a non-obvious way, and there are some issues, but you can try it to see if it works for you:

    http://doc.pfsense.org/index.php/IPSec_with_Multiple_Subnets

    It didn't work for me, but I think that was mainly due to the fact that I was using a mobile tunnel and not a static site-to-site tunnel. The parts of my VPN that needed multiple subnets got moved to an OpenVPN tunnel and have been working happily ever since.

    Parallel tunnels work. You have to make sure ALL settings (except the network) are exactly the same, but it works. I have this between pfSense <-> pfSense and pfSense <-> Cisco.

    Roy

