    route traffic from local host through site-to-site VPN

    Routing and Multi WAN
    SpaceBass last edited by

      Hey folks,
      I'd like to route traffic from HostA on SiteA (local) through an IPsec VPN and out of one of SiteB's static IPs.

      Why?

      1. On SiteB I have some static IPs available and that's not an option on SiteA.
      2. SiteA is local to most users, and has more hosting capacity for this server.
      3. It's a mail server and SiteA's ISP blocks port 25, whereas SiteB does not.

      SiteA and SiteB are connected via an IPsec VPN.

      Is this the approach?

      1. set up an interface for IPsec
      2. use that interface as the gateway in a rule for HostA
      3. use outbound NAT on SiteB to make sure traffic goes out on a specific static IP
      4. add an inbound NAT rule on SiteB forwarding port 25 to HostA

      Am I thinking about this correctly? What am I missing? Any other (preferable?) ways to accomplish effectively using a static IP on another box for a service on a local network?

        viragomann @SpaceBass last edited by

        @spacebass
        I think it could work if you use an OpenVPN site-to-site instead of IPsec and if the pfSense on A is not on version 2.5.1.

          SpaceBass @viragomann last edited by

          @viragomann thanks! Just curious why OpenVPN is preferable?

            viragomann @SpaceBass last edited by

            @spacebass
            You have to route SMTP traffic from public sources over from B to A. To send response packets back along the correct path to B instead of out to the default gateway, there is a special traffic marking required, called reply-to.
            But as far as I know, this doesn't work on IPsec interfaces and it doesn't work on CE 2.5.1.

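The four-step design from the first post (policy-route HostA into the tunnel, outbound NAT at SiteB to one static IP, port forward 25 back to HostA) together with the reply-to marking viragomann describes, written out as a pf ruleset fragment for both firewalls. This is an added example, not configuration taken from the thread or generated by pfSense: the interface names, the tunnel gateway address, HostA's address and the SiteB static IP are assumed placeholders, and an OpenVPN site-to-site (which has a real interface and gateway for route-to/reply-to) is assumed, as the reply suggests. On pfSense these same rules are normally built in the GUI (a LAN firewall rule with a gateway set, an outbound NAT mapping, a port forward) rather than edited in pf.conf.

```pf
# ---------- SiteA pfSense (assumed names) ----------
lan_if  = "igb1"          # assumed LAN interface where HostA lives
ovpn_if = "ovpns1"        # assumed OpenVPN site-to-site interface
ovpn_gw = "10.8.0.2"      # assumed tunnel address of SiteB's pfSense
hostA   = "192.168.1.25"  # assumed mail server address (constructed)

# Step 2: send HostA's outbound traffic into the tunnel instead of SiteA's WAN.
# route-to overrides the routing table for packets matching this rule.
pass in quick on $lan_if route-to ($ovpn_if $ovpn_gw) inet proto tcp from $hostA to any

# reply-to: SMTP that arrives over the tunnel (forwarded from SiteB) must have its
# replies sent back into the tunnel, not to SiteA's default gateway. This is the
# marking the reply refers to; it needs a real interface and gateway, which is
# why it is attached to the OpenVPN interface here.
pass in quick on $ovpn_if reply-to ($ovpn_if $ovpn_gw) inet proto tcp from any to $hostA port 25

# ---------- SiteB pfSense (assumed names) ----------
wan_if    = "igb0"          # assumed WAN interface carrying the static IP block
static_ip = "203.0.113.25"  # assumed static IP reserved for the mail server (documentation range)

# Step 3: outbound NAT so HostA's traffic leaving SiteB uses the chosen static IP.
nat on $wan_if inet from 192.168.1.25 to any -> $static_ip

# Step 4: port forward inbound SMTP on the static IP to HostA across the tunnel
# (SiteB must already have a route to 192.168.1.0/24 via the OpenVPN tunnel).
rdr on $wan_if inet proto tcp from any to $static_ip port 25 -> 192.168.1.25 port 25
pass in quick on $wan_if inet proto tcp from any to 192.168.1.25 port 25
```

A quick way to confirm the reply-to path is working is to open a connection to port 25 on the static IP from outside and watch the state on SiteA's pfSense (`pfctl -ss | grep :25`): the state should show the OpenVPN interface, and a packet capture on SiteA's WAN should show no SMTP replies leaking out there. If replies do appear on SiteA's WAN, the reply-to marking is not being applied, which is the failure viragomann warns about for IPsec interfaces and CE 2.5.1.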