Netgate Discussion Forum

    Say No to Splittunneling

    • maynarja

      I must be missing something obvious.

      I am trying to force all traffic through the tunnel (internet and local traffic). I do not want to use split tunneling, which works fine.

      pfSense --- vpn remote network = 0.0.0.0 0.0.0.0
      PIX -----  IPsec Rule = 0.0.0.0 0.0.0.0 with destination 10.1.1.0 255.255.255.0

      I can get to everything in the core network and all subnets; even if I add RRI on the PIX, I still get no internet.

      • maynarja

        I am looking into this configuration and will post the results. If anyone has a comment please post.

        PIX Config
        access-list IPSEC_21 permit ip 0.0.0.0 0.0.0.0 10.2.2.0 255.255.255.0
        same-security-traffic permit intra-interface

        pfSense
        remote 0.0.0.0 0.0.0.0
        remote gw [staticPublicIP]

        use 0.0.0.0 0.0.0.0 to force all traffic through the tunnel?
        use "same-security-traffic permit intra-interface" to allow all traffic to return out the same interface it is received?

        • xibalba

          Maybe you could force everyone to connect to a SOCKS proxy? Or add a pkg to pfSense for a transparent SOCKS proxy, similar to how the transparent squid pkg works.

          • aldo

            @maynarja:

            I am looking into this configuration and will post the results. If anyone has a comment please post.

            PIX Config
            access-list IPSEC_21 permit ip 0.0.0.0 0.0.0.0 10.2.2.0 255.255.255.0
            same-security-traffic permit intra-interface

            pfSense
            remote 0.0.0.0 0.0.0.0
            remote gw [staticPublicIP]

            use 0.0.0.0 0.0.0.0 to force all traffic through the tunnel?
            use "same-security-traffic permit intra-interface" to allow all traffic to return out the same interface it is received?

            I had a configuration the same as this running on pfSense a year or so ago for a test; works fine.
            Had to modify the config.xml file to add the 0.0.0.0 into the remote area, but all was fine on reboot.
