Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Virtual Network for IPSec

    Scheduled Pinned Locked Moved IPsec
    3 Posts 2 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      ericopf
      last edited by

      Hi folks,

      I'm using pfsense 2.0 BETA4 for some tests.

      I have 2 internal networks, LAN (192.168.1.0/24) and DMZ (192.168.10.0/28).

      The thing is that the IPsec is configured on phase 2 to network 192.168.6.0/24 to 10.0.0.0/8 (The client couldn't change this, I'm just the client on Ipsec. =P)

      So when my 192.168.1.0 network try access a 10.0.0.0 network it's needs to pass throught a nonexistent 192.168.6.0 network before get the WAN.

      Is that possible create some kind of virtual network so I can use this Ipsec connection ?

      I'm sorry if here is not the best place to post this.

      Thanks.

      Érico

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        It's not easily done in 1.2.3, since you can't do NAT on IPsec.

        What some people do is add another network interface to their main router, and give it an IP in 192.168.6.x. Then setup another pfsense box with its "wan" in 192.168.6.x, and its LAN in one of your existing internal networks. Then set a static route that points traffic to the 10.x network to the "lan" IP of the second router.

        In 2.0 you may be able to setup 1:1 or outbound NAT rules on the IPsec interface to accomplish this, but I haven't tried that yet myself.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • E
          ericopf
          last edited by

          jimp,

          Thanks for your reply.

          Can you tell me how can I set up this 1:1 or outbound NAT on my IpSec interface ?

          Thank you.

          Érico

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.