Netgate Discussion Forum
IPsec and routing .. pretty please

IPsec · 2 Posts · 1 Posters · 1.7k Views
Bittone66:

Hi guys,
I have some problems related to routing traffic to a remote IPsec network.
I think I might need your help since I really don't know how to make this thing work.
First I would like to apologize, since my notions of IPsec and routing are fairly basic, so please be patient.
I have one pfSense box with 2 WANs and 2 LANs.
WAN1: default GW
WAN2: secondary GW (no auto failover) + OpenVPN server interface + IPsec tunnel (another one, not the one I'm having problems with)
LAN: office LAN (192.168.39.0/24)
LAN2: dedicated guest net (192.168.80.0/24)

Now I must establish a new IPsec tunnel with a BIG company that is imposing a config I cannot do anything about, and so I have to cope with it.
My LAN has address 192.168.39.0/24 and the other company will not accept this network on my side of the tunnel, since they already use 192.168.xx.xx networks for other purposes and will never change their net assignment policy for me (maybe I'm not charming enough…).
So they configured the tunnel with net 10.240.114.0/24 for my side and one single address on their side: 10.254.154.154/32.
Now I have created a new LAN (TRANSPORTLI) on a new interface with address 10.240.114.254 in order to have the appropriate network on my side of the tunnel.
And the tunnel is up and running: if I ping the remote address from the new network interface (TRANSPORTLI) I get the reply.
My problem now is: how do I route and NAT my local network to the remote endpoint of this new IPsec tunnel?
If I traceroute from my original LAN (192.168.39.0/24) to the 10.254.154.154 host (IPsec endpoint) I get routed through my default GW and not through LAN3.
How can I make a rule that will allow packets from my LAN to go through TRANSPORTLI and to a remote host behind this IPsec tunnel?
This would be easy separating firewalls from routers from VPN endpoints; much to my regret, they can, while I don't have the money and the skill to do so.
I'm using pfSense 2.0-RC1.
Thanks for your kind assistance.

      Alberto

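What the traceroute in the post shows is the general rule for a policy-based IPsec tunnel: a packet enters the tunnel only when its source and destination both fall inside a Phase 2 selector; otherwise the ordinary routing table decides, which here means the default gateway. The model below is an added illustration, not pfSense code. It takes the selectors, subnets and interface names from the post; the 1:1 "NAT before IPsec" step that presents 192.168.39.0/24 as 10.240.114.0/24 is an assumed technique, and how (or whether) a given pfSense release exposes it is outside what this thread establishes.

```python
"""Model of how a policy-based IPsec tunnel selects traffic.

Added illustration, not pfSense code. Subnets and interface names come
from the forum post; the 1:1 translation step is an assumption.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Phase2:
    name: str
    local: IPv4Net                        # local traffic selector
    remote: IPv4Net                       # remote traffic selector
    binat_from: Optional[IPv4Net] = None  # assumed 1:1 NAT applied before the SPD check


@dataclass(frozen=True)
class Route:
    prefix: IPv4Net
    via: str


# Constructed from the thread: the tunnel the other company imposed.
TUNNEL = Phase2("TRANSPORTLI-tunnel",
                IPv4Net("10.240.114.0/24"), IPv4Net("10.254.154.154/32"))

# Same tunnel, but with the office LAN translated 1:1 into the accepted /24.
TUNNEL_WITH_BINAT = Phase2("TRANSPORTLI-tunnel",
                           IPv4Net("10.240.114.0/24"), IPv4Net("10.254.154.154/32"),
                           binat_from=IPv4Net("192.168.39.0/24"))

# The box's plain routing table as described in the post (constructed).
ROUTES = [
    Route(IPv4Net("192.168.39.0/24"), "LAN"),
    Route(IPv4Net("192.168.80.0/24"), "LAN2"),
    Route(IPv4Net("10.240.114.0/24"), "TRANSPORTLI"),
    Route(IPv4Net("0.0.0.0/0"), "WAN1 (default GW)"),
]


def binat(src: ipaddress.IPv4Address, inside: IPv4Net, outside: IPv4Net) -> ipaddress.IPv4Address:
    """1:1 network translation: keep the host part, swap the network part."""
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("1:1 translation needs equally sized networks")
    host_part = int(src) - int(inside.network_address)
    return ipaddress.IPv4Address(int(outside.network_address) + host_part)


def spd_match(src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address, p2: Phase2) -> bool:
    """Does the packet fall inside the Phase 2 selectors (after optional NAT)?"""
    if dst not in p2.remote:
        return False
    if p2.binat_from is not None and src in p2.binat_from:
        src = binat(src, p2.binat_from, p2.local)   # NAT before IPsec
    return src in p2.local


def longest_match(dst: ipaddress.IPv4Address, routes) -> str:
    """Ordinary longest-prefix routing lookup."""
    best = max((r for r in routes if dst in r.prefix), key=lambda r: r.prefix.prefixlen)
    return best.via


def forward(src: str, dst: str, p2: Phase2 = TUNNEL) -> str:
    """Where the packet goes: into the IPsec SA, or along the routing table."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if spd_match(s, d, p2):
        return f"IPsec SA {p2.name}"
    return longest_match(d, ROUTES)


if __name__ == "__main__":
    # What the post observes: LAN -> remote host leaves via the default gateway.
    print(forward("192.168.39.10", "10.254.154.154"))
    # A ping sourced from the TRANSPORTLI address does enter the tunnel.
    print(forward("10.240.114.254", "10.254.154.154"))
    # With the office LAN translated into 10.240.114.0/24 first, it matches too.
    print(forward("192.168.39.10", "10.254.154.154", TUNNEL_WITH_BINAT))
```

The design point is that no LAN-side route or firewall rule can fix the first case by itself: the routing table already reaches 10.254.154.154 (via the default route), but the security policy database never claims the packet because its source is not in 10.240.114.0/24. Either the hosts must genuinely originate from the accepted /24, or a translation must rewrite the source before the selector check.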
Bittone66:

Hello guys,
please, I really need some help; even an RTFM (telling me which manual) would be much appreciated.
Thanks for your time

        Alberto

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.