Netgate Discussion Forum

    Configuration rules IPSEC

tgsltd

      Hello,

I created a VPN between a SOURCE and a DESTINATION.

My network mapping:


SOURCE server >> phase one IPsec preshared key >> phase two >> DESTINATION GW >> DESTINATION DB
10.10.10.243  >> X.X.X.45                       >> X.X.X.44  >> Y.Y.Y.150      >> Y.Y.Y.170


What are all the rules I have to create if I want the SOURCE to pass only through the VPN on port 53?

      Thank you.

pfSense 1.2-RELEASE

tgsltd

Nobody??

jimp (Rebel Alliance Developer, Netgate)

          If you want to control traffic entering the tunnel, block it from entering your LAN interface. You can only block traffic entering an IPsec tunnel using the rules on the IPsec tab.

          For example, on your LAN rules, put something like this:

          Pass from LAN network to y.y.y.y/24 destination port 53
          Block from LAN network to y.y.y.y/24
          Pass from LAN network to any (normal default outbound rule)

          That would only allow traffic going to port 53 on any system in the y.y.y.y network to enter the tunnel. If the subnet mask isn't /24 on that, change it to what you need.

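A first-match walkthrough of that LAN rule ordering, as an added example (not code from this thread or from pfSense itself); it assumes a 10.10.10.0/24 LAN behind the poster's 10.10.10.243 host and uses 192.0.2.0/24 in place of the y.y.y.y/24 remote subnet. pfSense interface rules are evaluated top to bottom with the first match winning, which is why the block rule has to sit between the two pass rules.

```python
from ipaddress import ip_address, ip_network

# Added example: first-match evaluator for the LAN ruleset jimp describes.
# Assumptions: LAN is 10.10.10.0/24 (the poster's source is 10.10.10.243) and
# 192.0.2.0/24 stands in for the y.y.y.y/24 remote IPsec subnet.
LAN_NET = ip_network("10.10.10.0/24")
REMOTE_NET = ip_network("192.0.2.0/24")
ANY = ip_network("0.0.0.0/0")

# (action, source network, destination network, destination port or None for any)
LAN_RULES = [
    ("pass", LAN_NET, REMOTE_NET, 53),    # DNS to the remote side may enter the tunnel
    ("block", LAN_NET, REMOTE_NET, None),  # everything else bound for the remote side is dropped
    ("pass", LAN_NET, ANY, None),          # normal default outbound rule
]


def first_match(src, dst, dport, rules):
    """Return the action of the first rule matching the packet.

    Falls back to 'block', mirroring the implicit default deny at the end of
    a pfSense interface ruleset.
    """
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, port in rules:
        if src_ip in src_net and dst_ip in dst_net and port in (None, dport):
            return action
    return "block"


def tunnel_decisions(rules=LAN_RULES):
    """Evaluate a few constructed LAN packets and report pass/block for each."""
    packets = {
        "dns_to_remote_db": ("10.10.10.243", "192.0.2.170", 53),
        "ssh_to_remote_db": ("10.10.10.243", "192.0.2.170", 22),
        "https_to_internet": ("10.10.10.243", "203.0.113.10", 443),
    }
    return {name: first_match(*pkt, rules) for name, pkt in packets.items()}


# Swapping the first two rules puts the block ahead of the DNS pass, so the DNS
# packet never reaches its pass rule: order matters in a first-match ruleset.
MISORDERED_RULES = [LAN_RULES[1], LAN_RULES[0], LAN_RULES[2]]

if __name__ == "__main__":
    print("correct order:", tunnel_decisions())
    print("block first:  ", tunnel_decisions(MISORDERED_RULES))
```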
tgsltd

Thank you, Jimp, for your answer. I tried, but it still doesn't work.

I wasted long days on this, trying or searching for something on forums, tutorials, howtos… But I still don't know why my packets don't go through the VPN.

So I'll post all my configuration to see if you can understand and explain to me what happens.

So, first, my IPsec tunnel:


I think I read something about SAD; it's not normal if there is nothing in it… right?

My NAT config:

            And Outbound is on "Automatic outbound NAT rules generation (IPSEC passthrough)"

My rules:


And my IPsec logs:

So if you find what's wrong… tell me. Thanks a lot!!
