Configuration rules IPSEC

  • Hello,

    I created a VPN between a SOURCE and a DESTINATION

    my network mapping:

    SOURCE server >> phase one IPsec preshared key >> second phase >> DESTINATION GW >> DESTINATION DB
    X.X.X.45 >> X.X.X.44 >> Y.Y.Y.150 >> Y.Y.Y.170

    What are all the rules I have to create if I want the SOURCE to pass only through the VPN on port 53?

    Thank you.

    pf-sense 1.2-RELEASE

  • nobody??

  • Rebel Alliance Developer Netgate

    If you want to control traffic entering the tunnel, block it from entering your LAN interface. You can only block traffic entering an IPsec tunnel using the rules on the IPsec tab.

    For example, on your LAN rules, put something like this:

    Pass from LAN network to y.y.y.y/24 destination port 53
    Block from LAN network to y.y.y.y/24
    Pass from LAN network to any (normal default outbound rule)

    That would only allow traffic going to port 53 on any system in the y.y.y.y network to enter the tunnel. If the subnet mask isn't /24 on that, change it to what you need.
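    The rule set above depends on pfSense evaluating LAN rules top-down, first match wins. The following added example (not from the forum post or from pfSense itself) models that evaluation with constructed addresses: 192.168.1.0/24 stands in for "LAN network" and 10.20.30.0/24 for the remote y.y.y.y/24 subnet. It also shows why the block rule must sit above the default pass-any rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    action: str                      # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # None matches any destination port

# Constructed sample networks (assumptions, not values from the thread)
LAN_NET = ipaddress.ip_network("192.168.1.0/24")      # "LAN network"
TUNNEL_NET = ipaddress.ip_network("10.20.30.0/24")    # remote side, y.y.y.y/24
ANY = ipaddress.ip_network("0.0.0.0/0")

# The three LAN rules from the answer, in the order they must appear
RULES: List[Rule] = [
    Rule("pass", LAN_NET, TUNNEL_NET, 53),    # DNS into the tunnel
    Rule("block", LAN_NET, TUNNEL_NET, None), # everything else to the tunnel
    Rule("pass", LAN_NET, ANY, None),         # normal default outbound rule
]

# Same rules with the block placed after the pass-any rule (the mistake)
WRONG_ORDER: List[Rule] = [RULES[0], RULES[2], RULES[1]]

def evaluate(rules: List[Rule], src: str, dst: str, dport: int) -> str:
    """First matching rule decides; no match falls back to pfSense's default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst and (rule.dport is None or rule.dport == dport):
            return rule.action
    return "block"

if __name__ == "__main__":
    for dst, port in (("10.20.30.150", 53), ("10.20.30.170", 1433), ("203.0.113.9", 443)):
        print(dst, port, "correct:", evaluate(RULES, "192.168.1.10", dst, port),
              "misordered:", evaluate(WRONG_ORDER, "192.168.1.10", dst, port))
```

With the correct order only DNS reaches the remote subnet while other LAN traffic still goes out normally; with the block rule below the pass-any rule it never matches, so the tunnel accepts everything.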

  • Thank you Jimp for your answer, I tried but it still doesn't work.

    I wasted long days on this, trying to find something on forums, tutorials, howtos… But I still don't know why my packets don't go through the VPN.

    So I'll post all my configuration to see if you can understand and explain to me what happens.

    So, first, my IPsec tunnel:

    I think I read something about SAD; it's not normal if there is nothing in it… right?

    My NAT config:

    And Outbound is on "Automatic outbound NAT rule generation (IPsec passthrough)".

    My RULES:

    And my IPsec logs:

    So if you find what's wrong… tell me, thanks a lot!!