Creating a route into ipsec tunnel - is it possible?



  • Hello everyone.
    Is there any possibility to route traffic for a single host or subnet into the tunnel in version 2.0?
    Setup example:

    local network 192.168.1.0/24
    local external ip 1.1.1.1
    isp's gateway 1.1.1.2

    remote network 192.168.2.0/24
    remote ipsec gateway - 2.2.2.2

    The tunnel is up and running.

    I need to route packets for 2.2.2.2 into the tunnel (the remote side only accepts encrypted packets once IPsec is up, and I have to access it by its public IP; I can't use the private remote IPs).
    But I can't understand how to create a routing rule for it: should I use the internal IP of the remote gateway to route it automatically, and what interface should I use? And I'm afraid that when the tunnel goes down it won't be raised again because of that route and its unavailability.


  • Rebel Alliance Developer Netgate

    You can't route over IPsec in tunnel mode in the traditional sense.

    To do what you're after, you might just need an additional phase 2 entry on both ends of the tunnel for 192.168.1.0/24 <-> 2.2.2.2



  • Thank you, it worked!
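
Why the extra phase 2 entry works, as an added example that is not part of the thread and is not pfSense code: a small model of policy-based selector matching using the addresses from the question. The LAN host 192.168.1.10 and all function names are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Phase2(NamedTuple):
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network

def p2(local, remote):
    return Phase2(ipaddress.ip_network(local), ipaddress.ip_network(remote))

def match(src, dst, policies):
    """Return the most specific phase 2 entry covering src -> dst, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [p for p in policies if s in p.local and d in p.remote]
    return max(hits, key=lambda p: (p.remote.prefixlen, p.local.prefixlen),
               default=None)

def disposition(src, dst, policies):
    hit = match(src, dst, policies)
    if hit is None:
        return "cleartext via default route"
    return f"ESP tunnel ({hit.local} <-> {hit.remote})"

def mirrored(policies):
    """Selectors the remote gateway needs so both ends agree on the traffic."""
    return [Phase2(p.remote, p.local) for p in policies]

# Phase 2 entries on the local gateway, before and after the suggested change.
BEFORE = [p2("192.168.1.0/24", "192.168.2.0/24")]
AFTER = BEFORE + [p2("192.168.1.0/24", "2.2.2.2/32")]

# Constructed sample packets (source, destination, description).
PACKETS = [
    ("192.168.1.10", "192.168.2.20", "LAN host to remote LAN"),
    ("192.168.1.10", "2.2.2.2", "LAN host to remote public IP"),
    # Sourced from the gateway's own WAN address, so no LAN selector matches:
    # negotiation traffic stays outside the tunnel and can bring it back up.
    ("1.1.1.1", "2.2.2.2", "gateway to gateway (IKE/ESP)"),
]

if __name__ == "__main__":
    for name, policies in (("before", BEFORE), ("after", AFTER)):
        print(f"--- {name} ---")
        for src, dst, what in PACKETS:
            print(f"{what:32} {src} -> {dst}: {disposition(src, dst, policies)}")
    print("remote end needs:", [f"{p.local} <-> {p.remote}" for p in mirrored(AFTER)])
```
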

