Simple policy route



  • Hi all

    i'd like to route a destination ip over ipsec to my other gateway. I'm used to do it over the policy route with a zywall 5 - but i just cant find anything in the pfsense that resembles this. I have seen that you can add a gateway in a firewall rule, but i can only choose default. Can i define my other gateways internal ip adress somewhere so i get them in the drop down list??

    how is it done - if it can be done?


  • Rebel Alliance Developer Netgate

    There isn't any way in the firewall rules to apply that kind of policy for IPsec.

    If you make the IP you want to go over IPsec the remote side of the IPsec phase 2 subnet, that would do the trick.

    This isn't so easy on 1.2.3, but on 2.0 you can just add an additional Phase 2 entry to match the traffic.



  • thx, that might work. The problem there is that i can not specify single ip adresses so i would need to define a subnet of an external ip range … tricky...


  • Rebel Alliance Developer Netgate

    On 2.0 you can do it by either picking 'address' for the type, or just enter x.x.x.x/32 for a single IP. On 1.2.3 just do x.x.x.x/32.


Locked