Ipsec and routing .. pretty please
  • Hi guys,
    I have some problems related to routing traffic to a remote IPsec network.
    I think I might need your help since I really don't know how to make this thing work.
    First I would like to apologize since my notions on IPsec and routing are fairly basic, so please be patient.
    I have one pfSense box with 2 WANs and 2 LANs.
    WAN1: default GW
    WAN2: secondary GW (no auto failover) + OpenVPN server interface + IPsec tunnel (another one, not the one I'm having problems with)
    LAN: office LAN (192.168.39.0/24)
    LAN2: guest dedicated net (192.168.80.0/24)

    Now I must establish a new IPsec tunnel with a BIG company that is imposing a config I cannot do anything about, and so I have to cope with it.
    My LAN has address 192.168.39.0/24 and the other company will not accept this network on my side of the tunnel since they already use 192.168.xx.xx networks for other purposes and will never change their net assignment policy for me (maybe I'm not charming enough…)
    So they configured the tunnel with net 10.240.114.0/24 for my side and one single address on their side: 10.254.154.154/32.
    Now I have created a new LAN (TRANSPORTLI) on a new interface with address 10.240.114.254 in order to have the appropriate network on my side of the tunnel.
    And the tunnel is up and running: if I ping the remote address from the new network interface (TRANSPORTLI) I get the reply.
    My problem now is: how do I route and NAT my local network to the remote endpoint of this new IPsec tunnel?
    If I traceroute from my original LAN (192.168.39.0/24) to the 10.254.154.154 host (IPsec endpoint) I get routed through my default GW and not through LAN3.
    How can I make a rule that will allow packets from my LAN to go through TRANSPORTLI and on to a remote host behind this IPsec tunnel?
    This would be easy separating firewalls from routers from VPN endpoints; much to my regret they can, while I don't have the money or the skill to do so.
    I'm using pfSense 2.0-RC1.
    Thanks for your kind assistance.

    Alberto



  • Hello guys,
    please, I really need some help; even an RTFM (telling me which manual) would be much appreciated.
    Thanks for your time

    Alberto