Make Subnet reachable over IPsec using an IP in the very same Subnet

Kastenfrosch-48 · Jan 11, 2023, 10:18 AM

Hello,

I have to make some hosts in a LAN on a remote location reachable over an IPsec-Tunnel.
At this point in time, theres only one Subnet available for me to initiate the VPN-connetion. Unfortunately, this is the very same network those hosts are also residing in.
I want to initiate the IPsec-Tunnel from an IP inside this subnet. So the WAN-Interface and LAN interface would be connected to the same physical Network.

Is there really no way to get this working with pfsense.

From a routing perspective it makes total sense it wouldnt work, but maybe theres a way?

Thanks in advance.

NogBadTheBad · Jan 11, 2023, 10:31 AM

@kastenfrosch-48 you'd need to nat:-

https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/phase-2-nat.html

Much better to re IP one of the subnets IMO.

Kastenfrosch-48 · Jan 11, 2023, 7:00 PM

thanks, but i think you missunderstood me.

The Issue is, that on one site i have only one network available to establish the VPN over the WAN interface, in wich the hosts i want to communicate with via the IPsec-tunnel also are.

It would be a double-NAT situation on the WAN side of the pfsense-router, because i want to be indipendent from the sites own firewall.

viragomann · Jan 11, 2023, 7:00 PM

@kastenfrosch-48
Still not really clear, what you intend to achieve.

Unfortunately, this is the very same network those hosts are also residing in.
I want to initiate the IPsec-Tunnel from an IP inside this subnet.

You want to initiate an IP from one of these remote machines to your pfSense and access the ohter remote network devices through it?