Tunnel all IP through IPsec tunnel

mmi

Hello, may be there is somebody who can help me with my problem. We have an branch office with a PfSense box connected to the Internet. Our main Office is also connected with another PfSense box to the Internet as Main firewall. Now we want to place another PfSense box only for connecting to the branch office with an IPsec tunnel. Now I want to tunnel all IP from the branch office through the tunnel so they must use the main firewall to connect to the Internet. Is something possible, i have written some Cisco documentation about this construction and they say that it is possible  whith an Tunneled function within the IPsec Tunnel. Is this also possible with the PfSense boxes. I try to explain my situation with a small sketch;

BranchOffice    <–>  PfSenseBox     <-->  PublicIp <--> Internet   <--> PublicIP <--> PfSenseBox <--> FirstFirewallNetwork
192.168.1.0/24         192.168.1.254         1.2.3.4         0.0.0.0/24       2.3.4.5          10.24.1.254        10.24.1.0/24
                                                         ========IPsec TUNNEL=========                                        |
                                                                                                                                                  |
                                                                                                                                            10.24.1.1
                                                                                                                                       CoreLayer3Router
                                                                                                                                             10.24.2.1
                                                                                                                                                  |
                                                                                                                                                  |
                                                                            Internet   <--> PublicIP <--> PfSenseBox <--> SecondFirewallNetwork
                                                                          0.0.0.0/24         2.3.4.6         10.24.2.254        10.24.2.0/24

In my virtual environment everything to the private network that is connected to the CoreLayer3Router works fine but connecting
the Internet through to the Main Office PfSenseBox is not possible. I can connect to the webinterface of the Main Office PfSenseBox from the branch office network so I think the routes are ok!. My first thinking was to one2One NAT the Branch offfice to the main office but i didn't try that in my virtual environment. May be i try that later this evening or tomorrow.

Any idea is welcome! Mario

strafelife

I have the same question.  To put it in simpler terms, like your title - the question is:  Is it possible to route "all traffic" over an IPsec tunnel (between 2 pfsense)?

I tried using the "remote network" in the IPsec configuration as 0.0.0.0 / 0  and this does not route.  Could someone confirm if this is doable, with perhaps some routing tricks on the remote pfsense box?

I thought this would hold the clue: http://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

A simple yes/no would suffice.  I would create a bounty to have this done in a future version.

Thanks!