Routing everything over ipsec



  • Hi All,

    I currently have a situation where I have two LANs connected via an ipsec.  Only site 1 has internet access so I would like to send all non local subnet traffic on site 2 over my ipsec to site 1, effectively allowing site 2 access to the internet.  I have tried specifying a route on site 2's LAN interface of 0.0.0.0/32 with a gateway of site 1's LAN interface but that does not seem to work.  Am I missing something or is this even possible?

    This is a bit difficult to explain but effectively this is what I have:

    INTERNET
        |
        |
    |---------|        ipsec        |---------|
    | Site 1  |NIC---------------NIC| Site 2  |
    |---------|                     |---------|
        |                               |
       LAN                             LAN

    I have been banging my head against this for a while now but cannot come up with a solution.  Any help would be much appreciated.



  • Bump

    Anyone know if this is possible?  Effectively I am trying to use a machine on the other side of my ipsec as my gateway for anything not on the local subnet.  My ipsec is working correctly and I can route to everything on both sides.  I have added a test route of 8.8.8.0/24 into my firewall with the gateway of my firewall on the other side of my ipsec.  When I try to ping 8.8.8.8, Google's open DNS server, I get 100% packet loss. When I try to traceroute to 8.8.8.8 I get this output:

    traceroute: wrote 8.8.8.8 40 chars, ret=-1

    Any ideas greatly appreciated as I have pretty much exhausted everything I can think of to resolve the issue.



  • For anyone else experiencing this problem, I have just found this:

    http://forum.pfsense.org/index.php/topic,3701.0.html

    I'm going to give it a try now.  I'll post back how I get on.

