    IPsec bridged VPN?

    • jonnyaalgaard.org

      Does anyone know if it is possible to make a bridged IPsec VPN? I need to check this out because I am running VMware at 2 different locations, and for failover it would be great to use both VMware farms to run each other's virtual machines. Therefore I have played with the idea of using the same subnet at both locations. I know there is an option for running a bridged VPN with SonicWall, but I prefer pfSense as I think it is better.
      Also, would it be possible to broadcast NetBIOS over an IPsec VPN? I would be grateful for any help.

      • jimp (Rebel Alliance Developer, Netgate)

        It can be done, but it isn't just IPsec. You can set up IPsec in transport mode between WAN IPs of the hosts, to secure communications between them, and then add a GIF tunnel to connect and pass traffic between the routers, and you can bridge the GIF interface to LAN.

        It works, but I would try to avoid bridging wherever possible.

        • jonnyaalgaard.org

          Thanks, jimp!
          What is GIF? I cannot find GIF anyplace in my firewall. I am using version 1.2.3-release. Do I need to upgrade my version or download a specific package for getting the GIF opportunity?
          Regards

          • jimp (Rebel Alliance Developer, Netgate)

            It's a type of tunneling interface.

            It's only on 2.0.

            • jonnyaalgaard.org

              Thanks again!
              I will download 2.0 and try it.

              • nooblet

                Hi... I'm trying to do the same thing for testing/experimentation purposes...
                I have set up IPsec in transport mode; I think I am having trouble with the GIF/bridging piece of it.

                Hopefully someone can help me shed some light on where I am going wrong... My desired end result is a LAN at layer 2 stretched across the WAN (while being secure).

                Right now I cannot ping any hosts on the opposite end of the tunnel.

                Below is my config... Let me know if you need to see more... All firewall rules for all interfaces except WAN are */any.

                I should also note that both of these pfSense machines are on VMware ESXi boxes...

                Pfsense1






                Pfsense2



                Thanks for any help!

                • nooblet

                  OK... so this config DOES actually work... I had to set my VMware adapter to 'allow promiscuous mode' (doh), now I can ping hosts on both sides.

                  Hope this helps anyone with a similar issue!

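The layout jimp describes earlier in the thread (IPsec in transport mode between the WAN IPs, a GIF tunnel between the routers, GIF bridged to LAN), written out as an added example that is not from any poster or from pfSense itself: a shell function that prints the equivalent FreeBSD `setkey` and `ifconfig` lines for each side without running them. The addresses and the names `em1`, `gif0` and `bridge0` are constructed, and key exchange for the security associations is assumed to be configured separately.

```shell
#!/bin/sh
# Added illustration: print (never execute) the FreeBSD commands for one side
# of an IPsec-transport + gif + bridge setup. Review the output before
# applying anything by hand. All addresses and interface names are constructed.

# stretch_l2_plan LOCAL_WAN REMOTE_WAN LAN_IF
stretch_l2_plan() {
    local_wan=$1 remote_wan=$2 lan_if=$3
    [ -n "$local_wan" ] && [ -n "$remote_wan" ] && [ -n "$lan_if" ] || {
        echo "usage: stretch_l2_plan LOCAL_WAN REMOTE_WAN LAN_IF" >&2; return 1; }
    # Accept only IPv4 literals so nothing else ends up in the printed policy.
    case "$local_wan$remote_wan" in
        *[!0-9.]*) echo "error: WAN endpoints must be IPv4 literals" >&2; return 1 ;;
    esac
    [ "$local_wan" != "$remote_wan" ] || {
        echo "error: local and remote endpoints are identical" >&2; return 1; }

    cat <<EOF
# 1. IPsec transport mode between the two WAN IPs (setkey policy syntax).
spdadd $local_wan/32 $remote_wan/32 any -P out ipsec esp/transport//require;
spdadd $remote_wan/32 $local_wan/32 any -P in ipsec esp/transport//require;
# 2. GIF tunnel between the same two WAN IPs.
ifconfig gif0 create
ifconfig gif0 tunnel $local_wan $remote_wan
ifconfig gif0 up
# 3. Bridge the GIF interface to LAN.
ifconfig bridge0 create
ifconfig bridge0 addm $lan_if addm gif0 up
EOF
}

# Both ends mirror each other: local and remote swap places.
# Constructed endpoints taken from the documentation address ranges.
echo "## site A"; stretch_l2_plan 198.51.100.1 203.0.113.1 em1
echo "## site B"; stretch_l2_plan 203.0.113.1 198.51.100.1 em1
```

As nooblet found, when the routers are ESXi guests the port group carrying the bridged LAN must also allow promiscuous mode, because the vSwitch otherwise delivers only frames addressed to the VM's own MAC. That setting lets the VM see all traffic on the port group, so a dedicated port group for the bridged segment keeps the exposure narrow.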