Use remote site's IP address to reach a specific host
-
Hi,
I have an IPsec tunnel set up as below (IP addresses are imaginary for security reasons):
SITE A:
LOCATION : Paris
WAN : 172.177.77.77
LAN : 192.168.10.254
SITE B:
LOCATION : Istanbul
WAN : 174.174.74.74
LAN : 192.168.20.254
SITE B's internet traffic goes through SITE A because the VoIP system only allows traffic from 172.177.77.77, so that's why the phase 2 settings are:
SITE A : LAN 0.0.0.0/0
SITE B : RLAN 0.0.0.0/0
With this config, when you go to whatismyip.com from Istanbul it shows your IP as 172.177.77.77, and the VoIP system works because it thinks that you are in Paris, not in Istanbul :)
But it also messes with Istanbul users' Google searches and all other HTTP & HTTPS traffic, because all other platforms think that you are in Paris too. I was wondering, is it possible to make a firewall or NAT rule to force pfSense, if any traffic goes to 192.168.10.254 (VoIP router's IP in France) through the tunnel, to use Paris's WAN IP, and for all other traffic to use Istanbul's WAN IP?
Unfortunately we cannot allow Istanbul's IP to reach the VoIP central; the company directly says no. I'm trying to find a workaround.
Cheers.
-
@yeahmagnets
You have to policy route the VoIP traffic to the remote VPN endpoint. But this is not possible with policy-based IPsec. I think it can be done with routed IPsec (VTI), but I never set this up myself.
You can policy route the traffic with OpenVPN or WireGuard, though.