Using a VIP as a IPSec endpoint IP ?



  • I've got my pfSense up an running with 192.168.1.0/24 as LAN.

    Now I'd like to add an IPSec Tunnel with given parameters from a client.
    This tunnel needs that my endpoint is not 192.168.1.1 but 172.10.10.1. I cant change my LAN subnet or the IPSec Configuration.

    Is this possible with a VIP ? CARP or PARP ? From my understanding of reading the docs it should be CARP, but CARP has to be in the same subnet as my mainnet, put PARP does not reply on ICMP, does that matter ?

    Will pfSense be able to establish the tunnel this way and talk to the remote route which expects 172.10.10.1 as my IP ?

    Thanks


Log in to reply