Say No to Split Tunneling
-
I must be missing something obvious.
I am trying to force all traffic through the tunnel (internet and local traffic). I do not want to use split tunneling, which works fine.
pfSense -- vpn remote network = 0.0.0.0 0.0.0.0
PIX ----- IPsec Rule = 0.0.0.0 0.0.0.0 with destination 10.1.1.0 255.255.255.0
I can get to everything in the core network and all subnets; even if I add RRI on the PIX, I still get no internet.
-
I am looking into this configuration and will post the results. If anyone has a comment please post.
PIX Config
access-list IPSEC_21 permit ip 0.0.0.0 0.0.0.0 10.2.2.0 255.255.255.0
same-security-traffic permit intra-interface
pfSense
remote 0.0.0.0 0.0.0.0
remote gw [staticPublicIP]
use 0.0.0.0 0.0.0.0 to force all traffic through the tunnel?
use "same-security-traffic permit intra-interface" to allow all traffic to return out the same interface it is received?
-
Maybe you could force everyone to connect to a SOCKS proxy? Or add a pkg to pfSense for a transparent SOCKS proxy, similar to how the transparent squid pkg works.
-
I am looking into this configuration and will post the results. If anyone has a comment please post.
PIX Config
access-list IPSEC_21 permit ip 0.0.0.0 0.0.0.0 10.2.2.0 255.255.255.0
same-security-traffic permit intra-interface
pfSense
remote 0.0.0.0 0.0.0.0
remote gw [staticPublicIP]
use 0.0.0.0 0.0.0.0 to force all traffic through the tunnel?
use "same-security-traffic permit intra-interface" to allow all traffic to return out the same interface it is received?

I had a configuration the same as this running on pfSense a year or so ago for a test; works fine.
Had to modify the config.xml file to add the 0.0.0.0 into the remote area, but all was fine on reboot.