4. VPN Default Route

VPN Default Route

  • S

    Hi,

    Firstly sorry if this is in the wrong place. I have a pfsense cluster in our DC Rack which is connected directly to our ISPs WAN. We have a number of IPSEC connections coming in to the cluster.

    We have recently had a request from a customer who has our VPN Services (primarily used for VoIP) for Web Filtering. The customer sites we use Draytek routers and these connect using ipsec with no problems. The drayteks have an option to change the default route to be the VPN tunnel.

    I have done this as a test and i can see the traffic hitting the pfsense firewall (and being blocked). I have added some rules to allow this traffic to pass (i have confirmed this by logging the rules). What i would like to do is pass internet traffic from the customer network over the VPN to the pfsense and out (we will be putting some filtering in place at the ISP end). I can see the external traffic arriving at pfsense but it goes nowhere. I've seen some tech notes which relate to sonic wall which suggest using a NAT rule to get the traffic "out", ive setup an outbound NAT rule but it doesnt seem to work.

    Any ideas on how to get this to work?

    Cheers

    Steve

    0
  • Rebel Alliance Developer Netgate

    Usually so long as the IPsec Phase 2 matches (0.0.0.0/0 as local on your side of the P2), the firewall rules on the IPsec tab match, and your outbound NAT is set to manual and has a rule for the remote P2 network, then it would work.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy