Site-to-Site, but for a single device?
-
Suppose I want to use two pfsense appliances in two different cities to create a site-to-site VPN, but only for a single device (that can't have a VPN client installed onto it) at Site 1, and I want all the traffic from that 1 device to go through the tunnel and exit at Site 2.
I want every other device at Site 1 to ignore this particular tunnel.
Nothing inside Site 2 needs to see the device, either.
Do I set up Site 1's Phase 2 for Local Network: Address: address.of.specific.device and Remote Network to Network 0.0.0.0/0?
How do I set up Phase 2 for Site 2?
Thanks!
-
Firewall/Rules/IPsec
-
Hi! Can you please be a bit more specific?
-
@thewaterbug I think he means that you’d create a standard tunnel between the subnets at both sides. On the remote end, on the IPsec firewall tab, you’d then create a rule that allows all traffic from a single host (your local IP that you want to give access). This would allow that host only to have access to the remote end. All others would be rejected.
-
@thewaterbug I’d personally recommend you look into VTI IPsec, which will create a gateway that you can then use in a policy-based firewall rule for the specific host you want to give access to.
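An added model of the selector logic discussed above (constructed for this thread, not pfSense code or anything a poster supplied): Site 1's Phase 2 is single host to 0.0.0.0/0, Site 2 mirrors it, and Site 2's IPsec-tab rule admits only that host. All addresses are assumed.

```python
# Constructed model of the two Phase 2 traffic selectors plus the Site 2
# IPsec-tab firewall rule. Not pfSense code; addressing is made up.
from ipaddress import ip_address, ip_network

# Assumed addressing (constructed for this example).
DEVICE = ip_address("192.168.1.50")       # the one Site 1 host to tunnel
DEVICE_HOST = ip_network(f"{DEVICE}/32")
ANY = ip_network("0.0.0.0/0")

# Phase 2 = (local network, remote network). Site 2 mirrors Site 1.
PHASE2_SITE1 = (DEVICE_HOST, ANY)
PHASE2_SITE2 = (ANY, DEVICE_HOST)

def policy_matches(phase2, local_addr, remote_addr):
    """Does a flow between local_addr and remote_addr fall inside one
    side's (local network, remote network) Phase 2 pair?"""
    local_net, remote_net = phase2
    return ip_address(local_addr) in local_net and ip_address(remote_addr) in remote_net

def site1_tunnels(src, dst):
    """Outbound at Site 1: the policy's local side is the source address."""
    return policy_matches(PHASE2_SITE1, local_addr=src, remote_addr=dst)

def site2_accepts(src, dst, allowed_hosts=(DEVICE,)):
    """Inbound at Site 2: the packet must fit the mirrored selector (local
    side is now the destination) and then pass an IPsec-tab rule that only
    permits the single host, as the reply describes."""
    if not policy_matches(PHASE2_SITE2, local_addr=dst, remote_addr=src):
        return False                      # outside the tunnel policy entirely
    return ip_address(src) in allowed_hosts

def site2_outbound_matches(src, dst):
    """Caveat: the mirrored selector also covers Site 2 hosts initiating
    towards the device, so 'nothing at Site 2 sees it' needs an IPsec-tab
    rule on Site 1 as well (same mechanism, opposite side)."""
    return policy_matches(PHASE2_SITE2, local_addr=src, remote_addr=dst)

def trace(src, dst):
    """Summarise how a Site 1 flow src->dst is handled end to end."""
    if not site1_tunnels(src, dst):
        return "site1: local WAN (not tunneled)"
    if not site2_accepts(src, dst):
        return "site2: dropped by IPsec-tab rule"
    return "site2: forwarded out of Site 2"

if __name__ == "__main__":
    for src, dst in [("192.168.1.50", "203.0.113.10"),
                     ("192.168.1.51", "203.0.113.10")]:
        print(f"{src} -> {dst}: {trace(src, dst)}")
```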