Using a VIP as a IPSec endpoint IP ?

  • I've got my pfSense up an running with as LAN.

    Now I'd like to add an IPSec Tunnel with given parameters from a client.
    This tunnel needs that my endpoint is not but I cant change my LAN subnet or the IPSec Configuration.

    Is this possible with a VIP ? CARP or PARP ? From my understanding of reading the docs it should be CARP, but CARP has to be in the same subnet as my mainnet, put PARP does not reply on ICMP, does that matter ?

    Will pfSense be able to establish the tunnel this way and talk to the remote route which expects as my IP ?


Log in to reply