Netgate Discussion Forum

Access service in device connected via IPSEC through public IP

Category: General pfSense Questions
Tags: pfsense, ipsec, port forward
  • F
    felipefonsecabh
    last edited by Aug 25, 2023, 7:10 PM

    Hi!
    I have this scenario:

    acesso-energisa-medidores.drawio.png

    I need to access a service on port 7700 on 192.168.17.10, which connects to pfSense through an IPsec tunnel.

    Then I created a port forward in Firewall -> NAT:

    Source: Any
    Destination: WAN Address
    Destination Port Range: 25001
    Redirect Target IP: 192.168.17.10
    Redirect Target Port: 7700

    But I can't access the service. Am I missing anything? Thanks a lot!

    • S
      stephenw10 Netgate Administrator
      last edited by Aug 25, 2023, 10:04 PM

      What subnets is your IPSec tunnel carrying? Is it using VTI (route based)?

      It will have to carry traffic from any external IP so forwarded traffic matches it.

      Steve

      • F
        felipefonsecabh @stephenw10
        last edited by Aug 26, 2023, 10:38 AM

        @stephenw10

        Hi!
        My configuration on IPsec:

        Local Network: LAN NET
        Remote Network: 192.168.17.0/24

        I think I'm not using VTI.

        Do I have to change the local network to Any to carry traffic from any external IP?

        • S
          stephenw10 Netgate Administrator
          last edited by Aug 26, 2023, 1:49 PM

          @felipefonsecabh said in Access service in device connected via IPSEC through public IP:

          Do I have to change the local network to Any to carry traffic from any external IP?

          Yes, if you are using policy based IPSec and need to keep using that. The policy has to match that traffic and the source IP could be any IP.

          But if you do that it will match traffic at the other end for 'any' destination. All traffic from site1 will go over the IPSec tunnel. Which you probably don't want.

          A route based VPN tunnel of some sort would give you more options.

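The selector matching discussed in this thread, as an added example that is not part of any post and not pfSense code: a simplified model of policy-based IPsec phase 2 matching. It shows why the port-forwarded packet never enters the tunnel with the posted configuration, and what widening the local network to Any does at the remote end. The LAN subnet, the external client address, and the Internet host are assumed values (the thread does not give them); `Selector` and `report` are hypothetical names.

```python
"""Simplified model of policy-based IPsec phase 2 selector matching."""
from ipaddress import ip_address, ip_network
from typing import NamedTuple


class Selector(NamedTuple):
    local: str   # "Local Network" of the phase 2 entry
    remote: str  # "Remote Network" of the phase 2 entry

    def mirrored(self) -> "Selector":
        # The peer holds the same pair with the two sides swapped.
        return Selector(self.remote, self.local)

    def matches(self, src: str, dst: str) -> bool:
        # An outbound packet enters the tunnel only if both addresses fit.
        return (ip_address(src) in ip_network(self.local)
                and ip_address(dst) in ip_network(self.remote))


# Assumed values: the thread gives neither LAN NET nor a client address.
LAN_NET = "192.168.1.0/24"
CLIENT = "203.0.113.50"     # constructed external host connecting to WAN:25001
INTERNET = "198.51.100.7"   # constructed, unrelated Internet host
TARGET = "192.168.17.10"    # from the thread; service on port 7700

current = Selector(LAN_NET, "192.168.17.0/24")      # configuration in the thread
widened = Selector("0.0.0.0/0", "192.168.17.0/24")  # local network set to Any


def report(sel: Selector) -> dict:
    peer = sel.mirrored()
    return {
        # pfSense side: packet after the port forward rewrote dst to TARGET
        "forwarded_enters_tunnel": sel.matches(CLIENT, TARGET),
        # pfSense side: ordinary LAN host reaching the remote subnet
        "lan_enters_tunnel": sel.matches("192.168.1.20", TARGET),
        # remote side: reply from the service back to the external client
        "reply_enters_tunnel": peer.matches(TARGET, CLIENT),
        # remote side: unrelated Internet-bound traffic from the remote subnet
        "remote_internet_enters_tunnel": peer.matches("192.168.17.25", INTERNET),
    }


if __name__ == "__main__":
    for name, sel in (("current", current), ("widened", widened)):
        print(name, report(sel))
```

With the widened selector the forwarded traffic and its replies match, but so does every other packet leaving the remote subnet, which is the side effect described in the last reply.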