problem reaching Public IP endpoint of IPSEC with dual WAN
-
Hello everyone, I try to explain my problem:
i have a pfsense with two WANs working perfectly.
My LAN goes out with WAN A
I have many ipsec tunnels all listening on wan "A";
to distribute the network load I configured 2 tunnels on WAN "B".Everything works perfectly except that: a LAN client (which therefore goes out with WAN A) cannot reach the public IP of the remote end points (eg x.x.x.x y.y.y.y) of the ipsec configured with WAN "B".
I noticed this happens because pfsense creates a route
x.x.x.x use gateway (B)
y.y.y.y use gateway (B)and then the LAN using WAN "A" does not go out on those IPs.
How come he puts up a useless rule?
Can it be solved (without deleting the rule each time)?
Thank you -
@f-giraud said in problem reaching Public IP endpoint of IPSEC with dual WAN:
I noticed this happens because pfsense creates a route
x.x.x.x use gateway (B)
y.y.y.y use gateway (B)Is it a problem for the LAN client to go out to gateway B?
Do you policy route the LAN out to WAN B?Is there an outbound NAT rule in place for the LAN subnet on B?
-
@viragomann
hi thank you for the response.Is it a problem for the LAN client to go out to gateway B? (NO!)
Do you policy route the LAN out to WAN B? (no!)
Is there an outbound NAT rule in place for the LAN subnet on B? (NO !!)The lan go out only with WAN A (and is right !!!)
the lan don't reach the PUBLIC (x.x.x.x o y.y.y.y) ip endpoint with WAN A -
@f-giraud said in problem reaching Public IP endpoint of IPSEC with dual WAN:
Do you policy route the LAN out to WAN B?
I wanted to request for WAN A.
But the traffic also goes out on A if its the default gateway, of course.Is there an outbound NAT rule in place for the LAN subnet on B? (NO !!)
So I would simply add an outbound NAT rule for the source of LAN subnet to WAN B.
Otherwise, I think, policy routing the traffic to WAN A should work as well.
-
This post is deleted!