IPSEC with specific LAN address but in a different network from the LAN



  • Let me explain what I need

    I have an IPSEC with a partner that works perfectly, but the rule only works with a specific LAN address; this address is a valid IP "78.0.10.X".
    And my network is 192.168.0.x.
    The solution I use now is to put the pfSense behind another pfSense machine and distribute this VPN to the whole network.
    Is there any other way to do this with only one pfSense machine,
    and how? I don't have skills in Linux and I love the way pfSense works for me. Your interface is very intuitive.

    Please help me
    ???
    joaoafricano@gmail.com



  • Could you show me a small ascii art of what you are doing currently with the 2 pfSenses and the other endpoint? Also tell me the IPs of the pfSenses' WANs. I guess you should be able to do this with CARP (at least if the WAN IPs of both pfSense systems are in the same subnet range).



  • @hoba:

    Could you show me a small ascii art of what you are doing currently with the 2 pfSenses and the other endpoint? Also tell me the IPs of the pfSenses' WANs. I guess you should be able to do this with CARP (at least if the WAN IPs of both pfSense systems are in the same subnet range).

    This is the configuration:

                         ______                               ______                                  ______
                        |      |                             |      |                                |      |
    My LAN         LAN2 |  2o  | Wan2                   LAN1 |  1o  | Wan1                   Partner |      |
    192.168.0.X         |      | 78.0.10.97      78.0.10.100 |      | Internet ADD      Internet ADD |      |
                         ------                               ------                                  ------

    My LAN is serviced by the second pfSense, and the first pfSense is responsible for the VPN connection.
    The partner's support says that it is possible to make a NAT from 78.0.10.97 to 192.168.0.x, but I don't know how.
    I tried Virtual IP and a VLAN, but it didn't work or I didn't do it right.



  • @joaoafricano:

    @hoba:

    Could you show me a small ascii art of what you are doing currently with the 2 pfSenses and the other endpoint? Also tell me the IPs of the pfSenses' WANs. I guess you should be able to do this with CARP (at least if the WAN IPs of both pfSense systems are in the same subnet range).

    This is the configuration:

                         ______                               ______                                  ______
                        |      |                             |      |                                |      |
    My LAN         LAN2 |  2o  | Wan2                   LAN1 |  1o  | Wan1                   Partner |      |
    192.168.0.X         |      | 78.0.10.97      78.0.10.100 |      | Internet ADD      Internet ADD |      |
                         ------                               ------                                  ------

    My LAN is serviced by the second pfSense, and the first pfSense is responsible for the VPN connection.
    The partner's support says that it is possible to make a NAT from 78.0.10.97 to 192.168.0.x, but I don't know how.
    I tried Virtual IP and a VLAN, but it didn't work or I didn't do it right.

    I forgot some information you asked me for:

    My LAN: 192.168.0.x/24
    LAN2: 192.168.0.253/24
    WAN2: 78.0.10.97/28 (without this address the VPN can't be established)
    LAN1: 78.0.10.100/28
    WAN1: 200.190.x.x/24

    What I need is to put the VPN on my LAN through 78.0.10.97/28



  • ok here is something to try:

    • Use the first system and change the LAN subnet to the LAN of the second system.
    • Set up a VLAN on the WAN interface and assign it as an interface with IP 78.0.10.97/28 (we won't use it for anything else but encapsulating the tunnel). Then create a firewall rule at WAN to pass the needed ports and protocols (just like you maybe have now already, unless you establish the tunnel from your end to the remote site). Then create the IPSEC tunnel at the VLAN interface. It might or might not work. Maybe I'm missing something but it could work  ;)


  • Make sure you are running a recent snapshot.  I fixed a number of bugs and design issues with IPSEC and using non WAN interfaces.



  • @sullrich:

    Make sure you are running a recent snapshot.  I fixed a number of bugs and design issues with IPSEC and using non WAN interfaces.

    Where can I find the last snapshot to download?





  • @hoba:

    ok here is something to try:

    • Use the first system and change the LAN subnet to the LAN of the second system.
    • Set up a VLAN on the WAN interface and assign it as an interface with IP 78.0.10.97/28 (we won't use it for anything else but encapsulating the tunnel). Then create a firewall rule at WAN to pass the needed ports and protocols (just like you maybe have now already, unless you establish the tunnel from your end to the remote site). Then create the IPSEC tunnel at the VLAN interface. It might or might not work. Maybe I'm missing something but it could work  ;)

    I tried this configuration, but the VPN is only established when I put another computer in the network with the specific IP.
    When I put this specific IP on the VLAN, the VPN can't be established. I tried to change the LAN IP address of pfSense to this specific IP and the VPN still does not connect.



  • Hi, now I can establish a VPN with a VLAN on the WAN interface, but I can only ping from the pfSense itself.

    Any suggestion on how I can make a route, NAT or a rule from the LAN 192.168.0.0/24 to a VLAN 78.0.10.96/28?
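
An added illustration, not part of the thread and not pfSense's own code: a small Python model of IPsec policy selectors, showing why hosts in 192.168.0.0/24 do not match a tunnel whose local selector is 78.0.10.96/28 unless their source is translated to 78.0.10.97 before the policy lookup. That the local selector is the /28 is an assumption, and the remote network `10.99.0.0/24` is a constructed placeholder because the thread does not give the partner's network.

```python
import ipaddress as ip
from dataclasses import dataclass


@dataclass(frozen=True)
class Selector:
    """One IPsec policy entry: traffic local -> remote is sent into the tunnel."""
    local: ip.IPv4Network
    remote: ip.IPv4Network


LAN_NET = ip.ip_network("192.168.0.0/24")      # "My LAN" from the thread
LOCAL_NET = ip.ip_network("78.0.10.96/28")     # assumed local selector
REMOTE_NET = ip.ip_network("10.99.0.0/24")     # constructed placeholder
NAT_ADDRESS = "78.0.10.97"                     # address the partner accepts
POLICIES = [Selector(LOCAL_NET, REMOTE_NET)]


def matches_tunnel(src: str, dst: str) -> bool:
    """True when (src, dst) falls inside some policy's selectors."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in p.local and d in p.remote for p in POLICIES)


def source_nat(src: str, dst: str) -> str:
    """Many-to-one source NAT, applied only to LAN traffic bound for the partner."""
    if ip.ip_address(src) in LAN_NET and ip.ip_address(dst) in REMOTE_NET:
        return NAT_ADDRESS
    return src


def classify(src: str, dst: str, nat: bool = False) -> str:
    """Return 'tunnel' or 'no-policy' for a packet, optionally NATing first."""
    if nat:
        src = source_nat(src, dst)
    return "tunnel" if matches_tunnel(src, dst) else "no-policy"


if __name__ == "__main__":
    for src, nat in [("78.0.10.97", False), ("192.168.0.20", False),
                     ("192.168.0.20", True)]:
        print(f"{src:>14} nat={nat!s:<5} -> {classify(src, '10.99.0.5', nat)}")
```

With many-to-one translation the partner sees every LAN host as 78.0.10.97, so connections can only be opened from the LAN side toward the partner.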

