Netgate Discussion Forum

Routing specific traffic (destination or protocol) through IPsec VPN

    cedrictang
    last edited by Nov 16, 2024, 2:51 PM

    Hello,

    Been trying to do this and researching this for a while without luck.

    Site A and Site B connected via IPsec VPN.
    Both sites have VLANs.

    I wish to route certain host's traffic on Site A (specific VLAN) to go through the VPN and exit to the internet on Site B and vice versa.

    I understand I need to do something on routing and NAT and firewall rules.
    Can anyone give me pointers? Current NAT is set to manual outbound NAT.
    Really stuck at the moment. Thanks!

      The Party of Hell No @cedrictang
      last edited by Nov 16, 2024, 4:27 PM

      @cedrictang
      I am assuming the tunnel is working. Have you assigned an interface to the tunnel (there is a gateway)?
      NAT outbound manual rule - direct (give permission) the VLAN out the VPN tunnel.
      Firewall - rules - (the VLAN Interface) create a pass rule just above the all rule or edit the all rule by opening the advanced menu and at the bottom change the gateway to the IPsec gateway. If you don't edit the all rule you should disable it. I tend to leave things alone as much as possible so I can later understand the changes I made.
      I think this will get you there.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.