Say No to Split Tunneling



  • I must be missing something obvious.

    I am trying to force all traffic through the tunnel (internet and local traffic). I do not want to use split tunneling, which works fine.

    pfSense - vpn remote network = 0.0.0.0 0.0.0.0
    PIX ----- IPsec Rule = 0.0.0.0 0.0.0.0 with destination 10.1.1.0 255.255.255.0

    I can get to everything in the core network and all subnets, even if I add RRI on the PIX, but I still get no internet.



  • I am looking into this configuration and will post the results. If anyone has a comment please post.

    PIX Config
    access-list IPSEC_21 permit ip 0.0.0.0 0.0.0.0 10.2.2.0 255.255.255.0
    same-security-traffic permit intra-interface

    pfSense
    remote 0.0.0.0 0.0.0.0
    remote gw [staticPublicIP]

    Use 0.0.0.0 0.0.0.0 to force all traffic through the tunnel?
    Use "same-security-traffic permit intra-interface" to allow all traffic to return out the same interface it is received on?
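    To show how the two settings discussed in this post fit together on the PIX side, here is an added configuration fragment (not from the original poster's PIX, and not from the pfSense project). It assumes PIX/ASA 7.x syntax, a crypto map named OUTSIDE_MAP with sequence 21, a pfSense LAN of 10.2.2.0/24 and an outside interface named "outside"; all of those names are assumptions. The "before" fragment is the crypto ACL alone, which gets the packets into the PIX but gives them no way back out to the internet; the "after" fragment adds the intra-interface permit and an outside NAT entry so decrypted traffic from 10.2.2.0/24 can hairpin back out of the same interface with a public source address.

```text
! --- BEFORE: tunnel selector only (internet-bound traffic arrives, then dies) ---
! From the PIX's point of view, "any" -> pfSense LAN is the interesting traffic.
! 0.0.0.0 0.0.0.0 in the original post is the same thing as "any".
access-list IPSEC_21 extended permit ip any 10.2.2.0 255.255.255.0
crypto map OUTSIDE_MAP 21 match address IPSEC_21

! --- AFTER: same selector, plus the two pieces that let traffic hairpin ---
! Crypto ACL unchanged: everything from/to 10.2.2.0/24 is tunnelled.
access-list IPSEC_21 extended permit ip any 10.2.2.0 255.255.255.0
crypto map OUTSIDE_MAP 21 match address IPSEC_21
! Assumed: inject a route for the remote LAN when the SA comes up (RRI),
! as the original poster mentions trying.
crypto map OUTSIDE_MAP 21 set reverse-route

! Decrypted packets arrive on "outside" and must leave on "outside" again;
! the PIX drops that by default, this permits it.
same-security-traffic permit intra-interface

! Assumed NAT: the remote 10.2.2.0/24 is private, so when it exits "outside"
! toward the internet it must be translated to the PIX's public address.
nat (outside) 1 10.2.2.0 255.255.255.0
global (outside) 1 interface
```

    A quick check after applying the second fragment: from a host behind pfSense, traffic to a public address should appear in `show crypto ipsec sa` on the PIX as decaps on the 10.2.2.0/24 SA and in `show xlate` as a translation from 10.2.2.x to the outside interface address; if the decaps count rises but no xlate is built, the NAT half is what is still missing.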



  • maybe you could force everyone to connect to a SOCKS proxy? or add a pkg to pfSense for a transparent SOCKS proxy simliar to how the transparent squid pkg works.



  • @maynarja:

    I am looking into this configuration and will post the results. If anyone has a comment please post.

    PIX Config
    access-list IPSEC_21 permit ip 0.0.0.0 0.0.0.0 10.2.2.0 255.255.255.0
    same-security-traffic permit intra-interface

    pfSense
    remote 0.0.0.0 0.0.0.0
    remote gw [staticPublicIP]

    Use 0.0.0.0 0.0.0.0 to force all traffic through the tunnel?
    Use "same-security-traffic permit intra-interface" to allow all traffic to return out the same interface it is received on?

    I had a configuration the same as this running on pfSense a year or so ago for a test; it works fine.
    I had to modify the config.xml file to add the 0.0.0.0 into the remote area, but all was fine on reboot.

