How to route traffic over ipsec vpn?



  • Hello everyone!

    I've successfully connected 2 different networks with 2 pfSense machines running on both sides through IPsec VPN.
    The question is: how can I route specific traffic from network A to a PC on network B through the VPN?
    For example, suppose that net A uses the 192.168.1.0/24 range and net B the 10.1.1.0/24 range, and I want to route 10.2.0.0/16 traffic from the 192.168.1.4 PC on net A to a Linux box router 10.1.1.2 on net B. I tried something like this on the PC on net A: route add 10.2.0.0 mask 255.255.0.0 10.1.1.2 -p but it tells me that this gateway lies on a different network…

    thank you



  • Hi,

    When routing, you must always give the next-hop router on your own network.

    e.g.:

    net A <====VPN TUNNEL====> net B <router> net C

    where:
    net A = 192.168.1.0/24
    net B = 10.1.1.0/24
    net C = 10.2.0.0/16
    Then the gateway to 10.2.0.0 on net A should be 192.168.1.x (pfSense LAN IP in net A).
    Of course you will need to tell pfSense somewhere that not only 10.1.1.0/24 is at the other end of the tunnel, but also 10.2.0.0 (I don't know exactly how you can do this, I don't have any IPsec tunnels running up here).

    MickeyByte



  • Install routes in System -> Static Routes



  • Hi again and thanks for the response!

    I tried the static routes, but when I go to select the interface it has only LAN, WAN, PPTP and OPT1 but not IPSEC, so how can I put this static route?
    As destination I put 10.2.0.0/16, but what should I put as gateway? (I want to reach 10.1.1.2 as gateway.)

    My default gateway on net A is 192.168.1.1 and on net B 10.1.1.1



  • Guess that should be the next router to that network, so 10.1.1.2 (if that is the router to your 10.2.0.0 network)



  • Please, some help!!!
    I have followed all the tutorials that I've found on the pfSense and m0n0 sites.
    I have configured it just like that, and there is no tunnel. I look in the SAD tab and there is nothing, but the SPD tab shows me both records.
    Does somebody have a working example? Please send it or tell me where I can read or download it.
    Thanks a lot.
    Diego

    @acidrop:

    Hello everyone!

    I've successfully connected 2 different networks with 2 pfSense machines running on both sides through IPsec VPN.
    The question is: how can I route specific traffic from network A to a PC on network B through the VPN?
    For example, suppose that net A uses the 192.168.1.0/24 range and net B the 10.1.1.0/24 range, and I want to route 10.2.0.0/16 traffic from the 192.168.1.4 PC on net A to a Linux box router 10.1.1.2 on net B. I tried something like this on the PC on net A: route add 10.2.0.0 mask 255.255.0.0 10.1.1.2 -p but it tells me that this gateway lies on a different network…

    thank you



  • I answered that at the m0n0 list a long time ago in a galaxy far far away: http://www.m0n0.ch/wall/list/showmsg.php?id=160/29
    It's the same situation with pfSense atm. Using static routes across VPN-Tunnels doesn't work yet.
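
Added example, not part of any post in this thread and not pfSense code: a small Python model of the two checks the thread runs into, the on-link next-hop test that rejects the PC's `route add`, and the policy (SPD) selector match that decides whether a packet enters a policy-based IPsec tunnel at all. The addresses come from the thread; the host 10.2.0.5 and the second policy naming net C are constructed assumptions.

```python
import ipaddress

# Constructed from the addresses used in the thread.
HOST_A = ipaddress.ip_interface("192.168.1.4/24")   # PC on net A
SPD_AS_CONFIGURED = [("192.168.1.0/24", "10.1.1.0/24")]
# Assumption: a second policy that also names net C as a remote selector.
SPD_WITH_NET_C = SPD_AS_CONFIGURED + [("192.168.1.0/24", "10.2.0.0/16")]


def gateway_is_on_link(host, gateway):
    """A host accepts a next hop only if it lies in a directly connected subnet."""
    return ipaddress.ip_address(gateway) in host.network


def spd_match(spd, src, dst):
    """Return the first (local, remote) policy covering src and dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in spd:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return (local, remote)
    return None


def fate(spd, src, dst):
    """Describe what a policy-based IPsec gateway does with a packet."""
    policy = spd_match(spd, src, dst)
    if policy is None:
        return "no policy: routed normally, outside the tunnel"
    return f"encrypted under {policy[0]} <-> {policy[1]}"


if __name__ == "__main__":
    print("10.1.1.2 usable as gateway on the PC:", gateway_is_on_link(HOST_A, "10.1.1.2"))
    print("192.168.1.1 usable as gateway on the PC:", gateway_is_on_link(HOST_A, "192.168.1.1"))
    for name, spd in (("as configured", SPD_AS_CONFIGURED), ("with net C", SPD_WITH_NET_C)):
        for dst in ("10.1.1.2", "10.2.0.5"):
            print(f"{name}: 192.168.1.4 -> {dst}: {fate(spd, '192.168.1.4', dst)}")
```

With only the net A to net B policy, a packet for 10.2.0.0/16 matches nothing in the SPD, so it follows the gateway's ordinary routing table and leaves unencrypted instead of entering the tunnel.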

