Selectively routing traffic across IPSEC Tunnel

  • I currently have a single WAN setup that works great.  I want to setup a VPN tunnel/gateway to bypass ISP restrictions etc.  I only want to do this with specific protocols/ports.  I want all other traffic to route out thru the regular WAN interface.

    I would like to setup pfsense to use the SwissVPN ( service as they are cheap and offer a free test account.  Below is the connection information they give as a reference.

    _Testing L2TP/IPsec VPN

    As an alternative to PPTP, and more efficient than SSTP/OpenVPN, you can now also connect to SwissVPN via L2TP over IPsec.

    Please use the following server address:
    Pre-Shared Key: SwissVPN

    Windows 7®, Mac OS X® 10.7 and Apple iOS® (iPhone®/iPad®) are known to work. All features (firewall, IPv6, test account) work just like with PPTP VPN._

    That seems quite simple but the pfsense dialogs ask for a lot more information that seems particular to site to site connections with known remote networks.  I have configured the connection by leaving most of the rest at default values.  I don't seem anything in the log that indicates whether the connection is online or not.

    My questions are (1) How can I confirm the ipsec connection is online and authenticated?  (2) How do I configure an interface for the ipsec tunnel so that I can selectively route traffic like I could in a Multi-WAN configuration?  (3)  Am I making any assumptions about the use of IPSEC in pfsense that are incorrect in how this would work?  (4) Are there any documentation links on how to do this type of setup?

  • Rebel Alliance Developer Netgate

    I'm not sure if pfSense can connect to L2TP+IPsec like that. I know it can't be an L2TP+IPsec server but as a client it might work.

    You'd have to setup the IPsec settings separately from the L2TP settings, and I'm not sure what assumptions are made by the Windows L2TP+IPsec client but it may take some experimentation to dial that in… assuming it can work at all.

  • If I may offer a suggestion: In this case just go with OpenVPN.

    The other options they offer (PPTP, L2TP/IPsec etc) are meant for those using their PCs to connect and prefer not to install 3rd party VPN tools.

Log in to reply