How can I route different prefixes to their respective tunneled gateways?
I have a couple of HE prefixes, they both are GIF tunnels on pfSense.
One of them is a standard textbook setup. The other is also a "standard textbook setup", except that its GIF endpoint is on a remote firewall/gateway that's linked to the first one with an S2S dual-stack OpenVPN tunnel, which uses addresses from the first routed prefix for its regular traffic; it even has prefixes from the first GIF attached to its interfaces, routed all the way over there through the OpenVPN tunnel.
Somewhat like this:
But there's not much to route there, really; traffic merely follows the default gateway set on each firewall and ignores the other gateways. But how could I force the traffic from a certain subnet, where NAT tricks are frowned upon, to use a foreign segment so it eventually finds its gateway?
Policy routing? Policy filtering? FRR? (…is there VRF on pfSense??)
I was thinking just now that at least I will be able to do it all in floating rules, since there's no NAT involved and no reply-to to worry about, which gave me this big ol' hunch that source-prefix-based policy routing rules will do; but I don't want to get my hopes up just yet, because I'm afraid it might be prefix translation as well.
Thanks.
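For reference, here is what the source-prefix-based policy routing the question is circling around looks like in raw pf syntax. This is an added example, not part of the original post and not rules pfSense generated; every prefix, interface name and gateway address in it is hypothetical (documentation prefix 2001:db8::/32 throughout). In pfSense the same thing is produced by setting the Gateway option on a floating or interface rule, which becomes a route-to on the generated rule.

```pf
# Constructed example, not from the original post. Assumed layout:
#   prefix A = 2001:db8:a::/48  routed to HE tunnel 1, terminated on FW1 (gif0)
#   prefix B = 2001:db8:b::/48  routed to HE tunnel 2, terminated on FW2 (gif0)
#   OpenVPN S2S transit /64 carved out of prefix A: FW1 ::1, FW2 ::2
#   2001:db8:b:10::/64 is a LAN segment on FW1 that must egress via HE tunnel 2

# ----- FW1 -----
lan_if   = "igb1"
ovpn_if  = "ovpns1"
fw2_ovpn = "2001:db8:a:ffff::2"   # FW2's end of the OpenVPN transit /64 (assumed)

# Prefixes reachable locally or over the S2S link. Traffic between them must
# NOT be policy-routed, or host-to-host traffic gets pushed out a gateway.
table <local_v6> { 2001:db8:a::/48, 2001:db8:b::/48 }

# Source-prefix match: anything from the prefix-B segment heading off-site is
# handed to FW2 over OpenVPN instead of following FW1's default route (HE 1).
# route-to sits after "on <if>" and before the address family, as pfSense writes it.
pass in quick on $lan_if route-to ( $ovpn_if $fw2_ovpn ) inet6 \
    from 2001:db8:b:10::/64 to !<local_v6> keep state label "PBR-prefixB-via-FW2"

# Prefix-A sources keep the default gateway; no route-to needed.
pass in quick on $lan_if inet6 from 2001:db8:a::/48 to any keep state

# ----- FW2 -----
ovpn_if = "ovpnc1"
gif_if  = "gif0"
he2_gw  = "2001:db8:b:fffe::1"    # HE's side of tunnel 2's point-to-point /64 (assumed)

# Same table; same exclusion so inter-site traffic is not forced into the tunnel.
table <local_v6> { 2001:db8:a::/48, 2001:db8:b::/48 }

# Prefix-B traffic arriving from FW1 over OpenVPN goes out HE tunnel 2 even if
# FW2's own default route points elsewhere.
pass in quick on $ovpn_if route-to ( $gif_if $he2_gw ) inet6 \
    from 2001:db8:b::/48 to !<local_v6> keep state label "PBR-prefixB-via-HE2"
```

Two things the rules alone do not cover. First, the return path: HE delivers all of prefix B to FW2, so FW2 needs a plain static route for 2001:db8:b:10::/64 via FW1's OpenVPN transit address (System > Routing > Static Routes in pfSense); without it the replies die on FW2. Second, the `!<local_v6>` exclusion is the usual policy-routing footgun: a bare `to any` with route-to would also shove traffic destined for the other site, or for neighbouring subnets, out the gateway. None of this is prefix translation; source addresses are carried unchanged end to end.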