Internet Over IPsec - Web Filter

  • Hello,
    I have successfully sent internet traffic from site A to site B, but I need it to get filtered by a web filter at site B. What is the best way to accomplish this? I tried adding a gateway on the IPsec firewall rule, but it does not seem to work. Clients at site A have no internet, and a traceroute shows TTL expired and a possible routing loop at the local gateway of site B, which is a layer 3 switch.

    In my mind it would be Site A --tunnel---> Site B ---> IPsec traffic hops to local gateway ----> Local gateway routes traffic through web filter ----> web filter passes traffic back to pfSense ----> Internet.

    Even just a basic topology suggestion would be hugely helpful.


  • I ended up setting up a wpad.dat file and configuring DHCP option 252 and a DNS wpad A record for auto proxy config to work around this. Would have preferred inline/transparent filtering, but it will work for now.
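
A sketch of the wpad.dat approach described in the post above, as an added example that is not part of the original thread. The proxy host and port, the internal DNS suffix and the private ranges are assumptions to be replaced with site B's real values; the file is served as `http://wpad.<client DNS suffix>/wpad.dat`, and DHCP option 252 carries the same URL.

```javascript
// wpad.dat (proxy auto-config). Added example; every name below is hypothetical.
// Serve with MIME type application/x-ns-proxy-autoconfig.
var FILTER_PROXY = "PROXY webfilter.siteb.example:3128"; // assumed site B web filter
var INTERNAL_SUFFIXES = [".corp.example"];               // assumed internal DNS zone
var INTERNAL_NETS = [                                    // reached over the tunnel, not the proxy
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16], ["127.0.0.0", 8]
];

// Convert a dotted-quad literal to an unsigned 32-bit integer, or null if not IPv4.
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside one of INTERNAL_NETS.
function inInternalNet(host) {
  var ip = ipv4ToInt(host);
  if (ip === null) return false;
  for (var i = 0; i < INTERNAL_NETS.length; i++) {
    var base = ipv4ToInt(INTERNAL_NETS[i][0]);
    var size = Math.pow(2, 32 - INTERNAL_NETS[i][1]);
    if (ip >= base && ip < base + size) return true;
  }
  return false;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified intranet name (no dot, and not an IPv6 literal).
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  if (inInternalNet(host)) return "DIRECT";
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var s = INTERNAL_SUFFIXES[i];
    // Leading dot in the suffix prevents "notcorp.example" matching "corp.example".
    if (host.length > s.length && host.slice(-s.length) === s) return "DIRECT";
  }
  // No "; DIRECT" fallback: if the filter is unreachable, browsing fails
  // instead of going out unfiltered.
  return FILTER_PROXY;
}
```

Auto proxy configuration is only advisory to the client, so a firewall rule at site B that allows outbound web traffic from the filter alone is what keeps clients that ignore wpad.dat from bypassing it.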

