IPsec allow only individual hosts to use internet connection from Site A

vm_machina · Jan 24, 2023, 6:44 AM

Hello Forum

i configured ipsec site to site von via ipsec on my two pfsenses.
I get it out that his subnet can reach the other or even use the Routing Internet Traffic Through a Site-to-Site IPsec Tunnel described here:
https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-route-internet-traffic.html

Site B is able to use Internet from Site A.
What i trying to archive is that only individual hosts are routing internet traffic trough site a.
everyone else should only be able to reach the local network on the other side, the internet should continue to go out via the local gateway.
I tried to make a p2 for a single host and the other hosts in their own p2 connection. without success.
How can I achieve this

viragomann · Jan 24, 2023, 9:26 AM

@vm_machina
I don’t think that you can achieve that with a policy based IPSec p2.

You can turn it into a VTI and then policy route the upstream traffic of desired IPs over to the remote site.

vm_machina · Jan 24, 2023, 6:37 PM

@viragomann

Thank you for you answer.
Have you an guide ready or a how-to be configured ?

viragomann · Jan 24, 2023, 6:37 PM

@vm_machina
It's explained in the pfSense docs: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routed-vti.html