Bridge IPSec Interfaces? *Resolved* - [It was a nice try]
-
Hi.
In pfSense 2.0, are we able to bridge IPSec interfaces?
I'm asking because I'd like to use the same IP addressing scheme for VoIP across VLAN networks via IPSec tunnel.
-
No, that is not possible. I'm not sure there is any way to pull that off; even using IPsec in transport mode with GRE, I don't think bridging works in that way.
It's more of a headache than a help to use the same subnet in multiple locations. There is little to be gained from doing that.
-
Hi Jimp,
Again, thanks very much for replying.
For bridging via IPSec, I was thinking the two tunnels would have their own IP Addresses.
>>>>>>>>>>>BRIDGED<<<<<<<<<<<
[ Site A LAN] ---Tunnel Interface on Site A - 192.168.100.1======192.168.100.2 - Tunnel interface on Site B --- [Site B LAN]
[ Site A LAN DHCP ----------->--------->-------- Populates Site B LAN ------<---------<--------DHCP Requests Site B LAN ]
[ ---------------------------------------------------192.168.1.0/24----------------------------------------------------- ]
If this can't be done via IPSec, then fooget ahbout it!
I've got DSL bridging happening this way, so it was just a thought. Thanks for replying.
Jits
-
It can't be done with pfSense. With a WatchGuard running XTM firmware that is possible using 1:1 NAT in VPN...
Both sides would use the same IP network, but you can configure the tunnel with networks you like and then it would be 1:1 NATed...
Still, that config would be a little different than your picture, but as Jim said, that is not possible...
-
Even if you could do 1:1 NAT like that with IPsec, it still wouldn't pass DHCP and broadcasts.
Though OpenVPN has a tap mode that does bridging, last I heard it didn't work all that well. You could also do that 1:1 NAT trick with OpenVPN but it would take quite a bit of finesse to make it happen.
-
Okay. Thanks.
Jits