Netgate Discussion Forum

    IPSec VTI is a dream...

      mrzaz

      Hello,

      I have been running pfSense for quite many years, incl. IPsec,
      and have always found the strange and cumbersome way
      the traditional IPsec handles the "routing" of subnets a bit frustrating.

      That was until VTI was introduced, which has been very liberating. 🙂
      I REALLY do like this and it has worked wonders in my system, where
      OS-based routing could be used and there is full transparency
      of what goes where... I would like to thank the one who added this.
      And of course all the contributors to the whole pfSense project. Kudos...

      I have a dual site-to-site IPsec VTI setup where everyone routes to everyone
      as if all were within the same location.

      Location 1. Location 2. Location 3.
      Lan1 - pfsense1 -IpSec - pfsense2 - Lan2 / IpSec - pfsense3 - Lan3

      #1. 192.168.120.0 / 121.0
      #2. 192.168.10.0 / 12.0
      #3. 192.168.20.0
      All 5 nets could reach each other from any of the locations.
      Of course through rules...

      Works like a charm. One thing to think of is that the transport net sometimes
      will be the source address of packets so this needs to be included in rules...

      I have not tested routing protocols such as OSPF yet, as my net is too small
      and it feels a bit overkill.

      As I have everything set up and working with VTI, I could help out
      if someone needs any help, hints in the right direction, or possible pitfalls.

      Best regards
      Dan Lundqvist
      Stockholm, Sweden

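The post's point that the VTI transport net can appear as a packet source lends itself to an offline check of a rule's source list. The following is an added example, not part of the original post or of pfSense: it reports which expected source networks a rule does not cover. The /24 masks and both transport networks are assumptions, since the post gives neither.

```python
import ipaddress

# LAN subnets from the post; the /24 masks are an assumption (the post gives none).
SITE_LANS = {
    1: ["192.168.120.0/24", "192.168.121.0/24"],
    2: ["192.168.10.0/24", "192.168.12.0/24"],
    3: ["192.168.20.0/24"],
}
# Constructed VTI transport networks (hypothetical, not from the post).
TRANSPORT_NETS = ["10.255.12.0/30", "10.255.23.0/30"]


def uncovered(expected_sources, rule_sources):
    """Return the parts of expected_sources that no rule source network covers."""
    allowed = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(n) for n in rule_sources))
    missing = []
    for net in map(ipaddress.ip_network, expected_sources):
        remaining = [net]
        for a in allowed:
            kept = []
            for r in remaining:
                if r.subnet_of(a):
                    continue                           # fully covered
                if a.subnet_of(r):
                    kept.extend(r.address_exclude(a))  # partly covered
                else:
                    kept.append(r)                     # disjoint
            remaining = kept
        missing.extend(remaining)
    return [str(n) for n in sorted(ipaddress.collapse_addresses(missing))]


def expected_sources_at(site):
    """Sources that can arrive over the tunnels at `site`: remote LANs plus transport nets."""
    remote = [n for s, nets in SITE_LANS.items() if s != site for n in nets]
    return remote + TRANSPORT_NETS


if __name__ == "__main__":
    lan_only = [n for s in (2, 3) for n in SITE_LANS[s]]   # rule sources on site 1
    print("LAN-only rule misses:", uncovered(expected_sources_at(1), lan_only))
    print("With transport nets:", uncovered(expected_sources_at(1), lan_only + TRANSPORT_NETS))
```

A rule whose source list holds only the remote LANs leaves both transport networks unmatched, so traffic sourced from a tunnel endpoint address falls through to whatever rule comes next.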
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.