Netgate Discussion Forum

    Use remote site's ip address to reach for specific host

      yeahmagnets

      Hi,

      I have an IPsec tunnel installed as below (IP addresses imaginary due to security reasons):

      SITE A :
      LOCATION : Paris
      WAN : 172.177.77.77
      LAN : 192.168.10.254

      SITE B:
      LOCATION : Istanbul
      WAN : 174.174.74.74
      LAN : 192.168.20.254

      SITE B's internet traffic goes through SITE A because the VoIP system only allows traffic from 172.177.77.77, so that's why the phase 2 settings are:
      SITE A : LAN 0.0.0.0/0
      SITE B : RLAN 0.0.0.0/0

      With this config, when you go to whatismyip.com from Istanbul it shows your IP as 172.177.77.77, and the VoIP system works because it thinks that you are in Paris, not in Istanbul :)

      But it also messes with Istanbul users' Google searches and all other HTTP & HTTPS traffic, because all other platforms think that you are in Paris too. I was wondering, is it possible to make a firewall or NAT rule to force pfSense, if any traffic goes to 192.168.10.254 (VoIP router's IP in France) through the tunnel, to use Paris's WAN IP, and for all other traffic to use Istanbul's WAN IP?

      Unfortunately we cannot allow Istanbul's IP to reach the VoIP central; the company directly says no. I'm trying to find a workaround.

      Cheers.

        viragomann @yeahmagnets

        @yeahmagnets
        You have to policy route the VoIP traffic to the remote VPN endpoint. But this is not possible with policy-based IPsec. I think it can be done with routed IPsec (VTI), but I never set this up myself.

        You can policy route the traffic with OpenVPN or WireGuard though.
