Netgate Discussion Forum
    Site-to-site tunnel in transparent mode?

    IPsec
    4 Posts 2 Posters 5.0k Views
    andys

      We’re currently looking to update a SonicWall on our network with a pfSense appliance. One of the features that we use at the moment is the ability to run the SonicWall in transparent mode and still handle our site-to-site VPN tunnel.

      If we run pfSense (currently trialling 1.2.3) as a transparent bridge, is it possible to have an IPsec tunnel terminated on pfSense?

      When I tried to set a tunnel up I could send traffic into our network, but the return traffic isn’t being put onto the tunnel presumably because the server is using our router as a gateway rather than pfSense.

      I’ve attached a diagram showing the layout we’re trying to achieve. Is this something that’s possible in bridge mode or do we have to use Route/NAT mode?

      Attachment: pfsense.jpg

      Guest

        It will certainly be a thousand times easier to configure if you have pfSense doing the NATing and then set up the IPsec endpoint. pfSense will definitely terminate a VPN endpoint with SonicWall; it's just a matter of matching up the fields.

        andys

          Thanks, I've already managed to get a tunnel up and running successfully when routing between the LAN/WAN in a test setup. I'm just wondering if there's a way to do it transparently to avoid having to re-number some of the addresses?

          Guest

            Not the way you have your network laid out.  Honestly, re-working it really wouldn't be that painful.  You would either configure your router to pass traffic transparently, and then have your LAN interface on pfSense be 8.8.8.1/24 (I hope you're not actually using this network space on your LAN), or you could keep the network configuration basically the same and double-NAT on pfSense and your router.  Alternatively, you could advertise routes to the remote network using 8.8.8.5 as the gateway.

            Each of these options has merits and drawbacks depending on the size of your network and how things are set up inside it.

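The third option above (advertise the remote network with 8.8.8.5 as the gateway) works because a host's forwarding decision is a longest-prefix match: a /24 route for the remote site beats the default route that points at the router, so the reply is sent to pfSense's bridge address and is then subject to pfSense's IPsec policy instead of being bridged through to the router untouched. The following script is an added example, not code from the thread or from pfSense; it models a LAN server's routing table before and after that static route and a simplified phase-2 selector check. The LAN prefix 8.8.8.0/24 and the pfSense address 8.8.8.5 come from the thread; the router address 8.8.8.1, the remote prefix 10.20.0.0/24 and the host addresses are assumptions chosen for the example.

```python
import ipaddress

# Constructed topology for this example. The thread gives the LAN as 8.8.8.0/24
# with pfSense's bridge address at 8.8.8.5; the router address 8.8.8.1 and the
# remote site's prefix 10.20.0.0/24 are assumptions, not taken from the thread.
LOCAL_NET = ipaddress.ip_network("8.8.8.0/24")
REMOTE_NET = ipaddress.ip_network("10.20.0.0/24")
ROUTER_IP = "8.8.8.1"
PFSENSE_IP = "8.8.8.5"
ON_LINK = "on-link"

# A LAN server's routing table today: everything off-subnet goes to the router,
# and the transparent bridge passes those frames through at layer 2.
ROUTES_DEFAULT_ONLY = [
    (ipaddress.ip_network("0.0.0.0/0"), ROUTER_IP),
    (LOCAL_NET, ON_LINK),
]

# The same table with the third option applied: a more specific route for the
# remote site that points at pfSense's bridge address.
ROUTES_WITH_STATIC = ROUTES_DEFAULT_ONLY + [(REMOTE_NET, PFSENSE_IP)]

# Simplified pfSense phase-2 selectors: local subnet <-> remote subnet.
SPD = [(LOCAL_NET, REMOTE_NET)]


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs, as a host kernel does."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, gateway)
    return best[1] if best else None


def spd_matches(src, dst):
    """True when a packet falls inside one of the tunnel's phase-2 selectors."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in local and dst in remote for local, remote in SPD)


def return_path(routes, src, dst):
    """Where a LAN server's reply to a remote-site host ends up."""
    hop = next_hop(routes, dst)
    if hop == PFSENSE_IP:
        # pfSense is the next hop, so it routes the packet and checks the SPD.
        return "tunnel" if spd_matches(src, dst) else "pfsense-routes-in-clear"
    if hop == ROUTER_IP:
        # The frame is addressed to the router's MAC; the bridge only forwards it.
        return "router"
    return "on-link" if hop == ON_LINK else "unreachable"


if __name__ == "__main__":
    for name, routes in (("default only", ROUTES_DEFAULT_ONLY),
                         ("with static route", ROUTES_WITH_STATIC)):
        print(f"{name}: next hop {next_hop(routes, '10.20.0.7')}, "
              f"reply goes to {return_path(routes, '8.8.8.20', '10.20.0.7')}")
```

The "pfsense-routes-in-clear" branch is the check worth keeping in mind: pointing a route at 8.8.8.5 only helps for destinations that also fall inside the tunnel's phase-2 selectors, otherwise pfSense will simply forward the packet unencrypted.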
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.