redirect to PFsense IPsec tunnel endpoit which has public IP

Reply to redirect to PFsense IPsec tunnel endpoit which has public IP on Mon, 15 Jan 2024 11:58:26 GMT

admin_axx — Mon, 15 Jan 2024 11:58:26 GMT

@viragomann
It is policy-based tunnel (Tunnel IPv4).

Phase2 is working (status connected).

Status->SystemLogs->IPSEc has no corresponding entries.

But you said " and the subnet is not routed through the tunnel": This is exactly the problem - how to do this? As there are no thus options in the IPSec tunnel settings ("NAT/BINAT translation" should not be the corresponding option.)

Reply to redirect to PFsense IPsec tunnel endpoit which has public IP on Mon, 15 Jan 2024 11:48:56 GMT

viragomann — Mon, 15 Jan 2024 11:48:56 GMT

@admin_axx
Is it a policy-based tunnel or a VTI?

If it is a policy-based and the subnet is not routed through the tunnel, the phase 2 doesn't work. Maybe something wrong in the settings.
You can verify the log.

Reply to redirect to PFsense IPsec tunnel endpoit which has public IP on Mon, 15 Jan 2024 11:40:40 GMT

admin_axx — Mon, 15 Jan 2024 11:40:40 GMT

@viragomann

The tunnel itself i(phase 1 and phase 2) is working with the settings you have mentioned.

The problem is that PFsense is not routing this subnet through the the IPsec tunnel in case of remote network has a public IP address.

For all my tunnel with 10.x.y.z addresses it is working. But in case of 10X.x.y.z/25 I can see using tracerouteit it goes directly to the ip address in the public internet.

Reply to redirect to PFsense IPsec tunnel endpoit which has public IP on Mon, 15 Jan 2024 11:28:57 GMT

viragomann — Mon, 15 Jan 2024 11:28:57 GMT

@admin_axx
Directing a public IP range through the tunnel is generally the same as a private one.

If it is a policy-based IPSec put 10X.x.y.z/25 into the remote network field in the phase 2 and at the remote site into the local network field. And then pfSense should route this subnet through the tunnel.