Virtual Network for IPSec

  • Hi folks,

    I'm using pfSense 2.0 BETA4 for some tests.

    I have 2 internal networks, LAN ( and DMZ (

    The thing is that the IPsec is configured on phase 2 to network to (The client couldn't change this, I'm just the client on IPsec. =P)

    So when my network tries to access a network, it needs to pass through a nonexistent network before getting to the WAN.

    Is it possible to create some kind of virtual network so I can use this IPsec connection?

    I'm sorry if this is not the best place to post this.



  • Rebel Alliance Developer Netgate

    It's not easily done in 1.2.3, since you can't do NAT on IPsec.

    What some people do is add another network interface to their main router, and give it an IP in 192.168.6.x. Then set up another pfSense box with its "wan" in 192.168.6.x, and its LAN in one of your existing internal networks. Then set a static route that points traffic to the 10.x network to the "lan" IP of the second router.

    In 2.0 you may be able to set up 1:1 or outbound NAT rules on the IPsec interface to accomplish this, but I haven't tried that yet myself.

  • jimp,

    Thanks for your reply.

    Can you tell me how I can set up this 1:1 or outbound NAT on my IPsec interface?

    Thank you.

