IPSEC able to push route like OpenVPN?

  • Hi all,

    I have configured IPSEC mobile access and I am up and running and able to hit anything behind the firewall via the IPsec tunnel for mobile clients. My question is, can you push routes for external hosts like you can in OpenVPN config? I am trying to push traffic for external hosts in remote locations over the tunnel. This is easily done with "push route" in OpenVPN but I do not know if/how this can be done in IPsec.

  • Rebel Alliance Developer Netgate

    No, you can't route traffic quite the same way with IPsec as you can with OpenVPN.

    With mobile tunnels this is a little more relaxed, but you still need to specify these subnets for the tunnel on the client side. If these networks are not locally reachable by pfSense you will also need to add manual NAT rules which will NAT the traffic from your mobile client IP(s) out the pfSense WAN.

    This is a little better in 2.0 where you can specify to send a list of accessible networks to the IPsec client, but you still can't specify arbitrary subnets.

Log in to reply