Make Subnet reachable over IPsec using an IP in the very same Subnet
-
Hello,
I have to make some hosts in a LAN on a remote location reachable over an IPsec-Tunnel.
At this point in time, there's only one subnet available for me to initiate the VPN connection. Unfortunately, this is the very same network those hosts are also residing in.
I want to initiate the IPsec-Tunnel from an IP inside this subnet. So the WAN interface and LAN interface would be connected to the same physical network. Is there really no way to get this working with pfSense?
From a routing perspective it makes total sense it wouldn't work, but maybe there's a way?
Thanks in advance.
-
@kastenfrosch-48 you'd need to nat:-
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/phase-2-nat.html
Much better to re-IP one of the subnets IMO.
-
Thanks, but I think you misunderstood me.
The issue is that on one site I have only one network available to establish the VPN over the WAN interface, in which the hosts I want to communicate with via the IPsec-tunnel also are.
It would be a double-NAT situation on the WAN side of the pfSense router, because I want to be independent from the site's own firewall.
-
@kastenfrosch-48
Still not really clear what you intend to achieve.
> Unfortunately, this is the very same network those hosts are also residing in.
> I want to initiate the IPsec-Tunnel from an IP inside this subnet.
You want to initiate an IP from one of these remote machines to your pfSense and access the other remote network devices through it?