VPN Ipsec without gateway
-
@michmoor said in VPN Ipsec without gateway:
So client-a has no gateway and tries to reach out to client-b on remote network?
This case would need DNAT and VIPs of course.
I was talking about accessing the client from B.
-
Thanks everyone for the replies.
This is the network design:
Thanks
-
@provablueteam123
And what is the challenge?
If you've read our recent posts, you should see that the solution depends on if the device in B needs to access an IP at A or if site A needs to access the device at B.
-
@viragomann
I have to access from a to b
-
@provablueteam123 This is a basic SNAT, no? Not really seeing a challenge here.
-
@provablueteam123 said in VPN Ipsec without gateway:
@viragomann
I have to access from a to b
So this is how I understood your first post and I described the way to solve it in my first one already. Did you add the suggested outbound NAT rule yet?
-
@viragomann
The following configuration must be done on the pfSense a or b?
Ensure that the outbound NAT is in hybrid or manual mode.
Add a rule:
interface: LAN
protocol: as you need
source: any or even the remote site's network
destination: the device's IP they want to access from remote
translation: interface address
Thanks
-
@provablueteam123
On b, where the client who has no gateway resides.
Without this, the device sees the original source IP in the packets from the a LAN. Since it has no route, it cannot respond.
This rule translates the source IP in packets destined to the stated device IP into the LAN IP of pfSense. So the device sees an IP which lies within its subnet and sends responses back to pfSense, where they are forwarded to the other site.
-
Kind of curious to know what sort of device that is that has no gateway.
Maybe it just has the wrong gateway.
Outbound NAT (SNAT) will work fine either way though.
Steve
-
@viragomann
I tried it, it works great
Thank you so much
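-
An added example, not part of the original thread: a small Python model of why the device at B cannot answer site A until the outbound NAT rule on pfSense B rewrites the source address. All addresses, ports and the names `OutboundNat`, `device_can_reply` and `walk_through` are constructed for illustration; the thread gives no addressing.

```python
import ipaddress

# Constructed addressing (the thread gives none): a client at site A,
# pfSense B's LAN address, and the device at B that has no default gateway.
SITE_A_CLIENT = ipaddress.ip_address("10.1.0.20")
PFSENSE_B_LAN = ipaddress.ip_interface("10.2.0.1/24")
DEVICE_B = ipaddress.ip_interface("10.2.0.50/24")


def device_can_reply(device, gateway, reply_dst):
    """Routing decision of the device: on-link destinations are always
    reachable; anything else needs a gateway."""
    return reply_dst in device.network or gateway is not None


class OutboundNat:
    """Model of the rule from the thread on pfSense B's LAN interface:
    source any, destination = device IP, translation = interface address.
    The source port is kept as-is to keep the model short."""

    def __init__(self, lan, match_dst):
        self.lan_ip = lan.ip
        self.match_dst = match_dst
        self.states = {}  # (translated src, sport, dst, dport) -> original src

    def outbound(self, src, sport, dst, dport):
        """Packet leaving the LAN interface toward the device."""
        if dst != self.match_dst:
            return src  # rule does not match, source left untouched
        self.states[(self.lan_ip, sport, dst, dport)] = src
        return self.lan_ip

    def inbound_reply(self, src, sport, dst, dport):
        """Reply from the device; the state entry restores the real peer."""
        return self.states.get((dst, dport, src, sport))


def walk_through():
    # Without the rule the device sees 10.1.0.20, which is off-link.
    without = device_can_reply(DEVICE_B, None, SITE_A_CLIENT)
    nat = OutboundNat(PFSENSE_B_LAN, DEVICE_B.ip)
    seen_src = nat.outbound(SITE_A_CLIENT, 40000, DEVICE_B.ip, 443)
    with_rule = device_can_reply(DEVICE_B, None, seen_src)
    # The device answers seen_src; pfSense B maps the reply back to site A.
    restored = nat.inbound_reply(DEVICE_B.ip, 443, seen_src, 40000)
    return without, seen_src, with_rule, restored


if __name__ == "__main__":
    print(walk_through())
```

Because every remote client is translated to pfSense B's LAN address, the device's own logs and any IP-based access controls on it no longer distinguish between site A hosts.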