Virtual Network for IPSec



  • Hi folks,

    I'm using pfSense 2.0 BETA4 for some tests.

    I have 2 internal networks, LAN (192.168.1.0/24) and DMZ (192.168.10.0/28).

    The thing is that the IPsec is configured on phase 2 to network 192.168.6.0/24 to 10.0.0.0/8 (The client couldn't change this, I'm just the client on IPsec. =P)

    So when my 192.168.1.0 network tries to access a 10.0.0.0 network, it needs to pass through a nonexistent 192.168.6.0 network before getting to the WAN.

    Is it possible to create some kind of virtual network so I can use this IPsec connection?

    I'm sorry if this is not the best place to post this.

    Thanks.

    Érico


  • Rebel Alliance Developer Netgate

    It's not easily done in 1.2.3, since you can't do NAT on IPsec.

    What some people do is add another network interface to their main router, and give it an IP in 192.168.6.x. Then set up another pfSense box with its "wan" in 192.168.6.x, and its LAN in one of your existing internal networks. Then set a static route that points traffic to the 10.x network to the "lan" IP of the second router.

    In 2.0 you may be able to set up 1:1 or outbound NAT rules on the IPsec interface to accomplish this, but I haven't tried that yet myself.



  • jimp,

    Thanks for your reply.

    Can you tell me how I can set up this 1:1 or outbound NAT on my IPsec interface?

    Thank you.

    Érico

