VPN Default Route

  • Hi,

    Firstly, sorry if this is in the wrong place. I have a pfSense cluster in our DC rack which is connected directly to our ISP's WAN. We have a number of IPsec connections coming in to the cluster.

    We have recently had a request from a customer who has our VPN services (primarily used for VoIP) for web filtering. At the customer sites we use DrayTek routers, and these connect using IPsec with no problems. The DrayTeks have an option to change the default route to be the VPN tunnel.

    I have done this as a test and I can see the traffic hitting the pfSense firewall (and being blocked). I have added some rules to allow this traffic to pass (I have confirmed this by logging the rules). What I would like to do is pass internet traffic from the customer network over the VPN to the pfSense and out (we will be putting some filtering in place at the ISP end). I can see the external traffic arriving at pfSense but it goes nowhere. I've seen some tech notes which relate to SonicWall which suggest using a NAT rule to get the traffic "out"; I've set up an outbound NAT rule but it doesn't seem to work.

    Any ideas on how to get this to work?

  • Rebel Alliance Developer Netgate

    Usually so long as the IPsec Phase 2 matches ( as local on your side of the P2), the firewall rules on the IPsec tab match, and your outbound NAT is set to manual and has a rule for the remote P2 network, then it would work.
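    The three pieces named in the reply (Phase 2 selector, IPsec-tab rule, manual outbound NAT), written out as the pf ruleset pfSense would end up loading for such a full-tunnel customer. This is an added example, not configuration from either poster or from Netgate; the interface name em0, the WAN address 203.0.113.10 and the customer network 192.0.2.0/24 are constructed placeholders, and the Phase 2 comment assumes the usual full-tunnel value of 0.0.0.0/0 for the local network, which the reply does not spell out.

```pf
# Constructed example: pf rules equivalent to the pfSense GUI settings for
# routing a remote IPsec site's internet traffic out of this firewall's WAN.
# Assumed values (placeholders, not from the thread):
#   WAN interface em0 with address 203.0.113.10
#   customer LAN 192.0.2.0/24, i.e. the Phase 2 "remote network"
wan_if       = "em0"
customer_net = "192.0.2.0/24"

# 1. Phase 2 (VPN > IPsec): the LOCAL network on this side must be 0.0.0.0/0,
#    otherwise the kernel security policy only covers LAN-bound packets and the
#    internet-bound ones that arrive on enc0 match no policy and are dropped.
#    (Phase 2 lives in the IPsec config, not in pf, so it has no rule here.)

# 2. Firewall > Rules > IPsec tab: decrypted packets arrive on enc0. A rule that
#    only allows "to LAN net" passes the VoIP traffic but silently drops the web
#    traffic, which is what the original poster observed. Log it while testing.
pass in quick log on enc0 inet from $customer_net to any keep state

# 3. Firewall > NAT > Outbound, manual (or hybrid) mode: translate the customer's
#    private source addresses to the WAN address. Without this rule packets leave
#    with 192.0.2.x sources and the ISP drops them or replies never come back.
nat on $wan_if inet from $customer_net to any -> ($wan_if)
```

    Verification on the box itself: `pfctl -sn` should list the NAT line for 192.0.2.0/24 on em0, `pfctl -sr` the enc0 pass rule, and `setkey -DP` should show a policy whose source selector is the customer network and whose destination is 0.0.0.0/0 (the mirror of the remote side's default-route setting). If the NAT line is missing, the outbound NAT mode is still automatic, which only generates translations for the firewall's own local interface networks, not for remote Phase 2 networks.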
