Site to Site with routing of trafic to extra vpn router

affe

Hello
I have a settup with a ipsec site to site <site 24="" a="" 10.11.0.0=""><site 24="" b="" 10.11.1.0="">and this works flawless, now I need to route some specific trafic in both sites to a new gateway that creates a vpn tunnel to a center and they dont whant to involve my routers, this is placed on 10.11.0.3, I put in the static routing on site A and on site B and on site A the routing works but doing a trace from site B shows that it go straight out on internet. Im guessing I have done something wrong just dont know what.

Something I notices is that in Site B under "Diagnostics > Routes" the route turns up with 10.11.1.0.3.
![IPSEC tunnels.png](/public/imported_attachments/1/IPSEC tunnels.png)
![IPSEC tunnels.png_thumb](/public/imported_attachments/1/IPSEC tunnels.png_thumb)</site></site>

affe

Is there anyone who knows how to do this? If there is some additional information needed that could help understanding my setup then ask away.

darnitol

Can you post screenshots of the routing pages in Sites A and B?

affe

In the end I decided to leave ipsec and use openvpn instead. I just forgot to close the tread.

craigduff

The answer for me.. Would be to do a route add command onto pfsense and tell it where to route the traffic. And point it the new gateway. Sorry for the late reply.

GruensFroeschli

With OpenVPN yes.
But this doesn't really work with IPSEC.

Umberto

Routing over an ipsec tunnel won't work.
What you can do is make a ipsec tunnel in transport mode and put a GRE tunnel on top, then you can route whatever you want.