Netgate Discussion Forum

    IPSec to IP Alias port forward

      RG1

      Hi all,

      I'm 99% sure this is not going to work as intended, but have the following scenario.

      VPN where remote side is sourcing traffic via PAT with a public address. Our side is also presenting a public address, but configured as an IP Alias within a management network. P2 settings have these publics as the remote and local network address respectively.

      On the management interface, we've created a couple port forwards with our public as the destination, and a real IP/port within the management network as the back end target.

      Traffic to the back end is seen and returned to the PFSense device as expected, but then blackholes there. From the perspective of IPSec, the source is not seen as the public at this point, but the real IP of our back end server, thus gets dropped.

      Our overall intent here is to have this public IP used with several port forwards on varying ports to devices both local to this PFSense as well as remote from it.

      The question is how best to configure the PFSense to properly return the traffic, if this is even possible.

      To be clear, we're not port forwarding through/to the tunnel, rather after the tunnel on one side of it.
