IPSEC / VPN Routing Question…



  • I feel dumb that I haven't figured this out - but things just aren't flowing tonight. I have the following setup:

    192.168.1.0/24 <pfsense><–---- IPSEC----> <bizguardian>10.10.9.1

    That works fine - traffic passes as expected...

    Now the trick is that there is a 10.10.11.0/24 subnet behind the the 10.10.9.1 firewall that it knows about

    How do I tell pfsense to route all 10.10.11.0 traffic to the 10.10.9.1 box to handle? I've tried a static route and adding rules to allow 10.10.11.0 traffic to the lan...

    Any thoughts - sorry if its a dumb question and I'm just missing it!!

    • SystemSam</bizguardian></pfsense>


  • You need a second parallel tunnel for this as the traffic you want to send through doesn't match the tunneldefinition you already have. Add 2 identifiers at both ends to be used for this (as the tunnels will run between the same public IPs as endpoints). The second Tunnel should have the definition for 192.168.1.0/24 <-> 10.10.11.0/24.
    Another (maybe in this scenario easier) solution is to change the subnetmask at the one end to 10.10.0.0/16. In both cases you need a static route at the pfSense located in the 10.10.9.0/24 subnet to the gateway to 10.10.11.0/24 subnet.


Locked