Netgate Discussion Forum
    Policy based routing over VPN

grisu95119

Two networks of our company are to be connected via DSL VPNs. To get more bandwidth, we have 2 DSL lines connected to a pfSense at each site. I set up two VPNs between the two boxes. I would like to split the traffic by policy-based routing on the VPN client (in network 2), e.g. mail traffic should go via VPN2 (to the mail server in network 1), everything else via VPN1 (default gw), and the replies should go back the same way.

network1 (192.168.110.0/24)
              |
      vr0 (192.168.110.254)
           pfsense1
       (OpenVPN server)
vpn1 (192.168.105.1)    vpn2 (192.168.105.17)
vr1 (static IP)         vr2 (static IP)
        |                       |
        |                       |
vr1 (static IP)         vr2 (static IP)
vpn1 (192.168.105.2)    vpn2 (192.168.105.18)
       (OpenVPN client)
           pfsense2
      vr0 (192.168.100.254)
              |
network1 (192.168.100.0/24)

I made several attempts with pf, importing the rules with

      pfctl -a ftpproxy -f vpn2

where vpn2 contains rules like

      pass in log on vr0 route-to (vr1 192.168.105.17) proto tcp from 192.168.100.0/24 to 192.168.110.0/24 port 995 label "MailPOPs" keep state

but mail traffic is still routed over the default vpn1 path, and nothing is logged in the firewall log.

I used the ftpproxy anchor because it seems to be evaluated before the firewall entries of pfSense.

Every hint is very welcome.

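The following is an added example of the policy-based routing described in the post, written as a pf rule fragment; it is not the poster's configuration or anything shipped by pfSense. It assumes the vpn2 OpenVPN client tunnel appears as an interface named ovpnc2 (a hypothetical name; the real one depends on the pfSense version and can be read from ifconfig), that pfsense1's address on that tunnel is 192.168.105.17 as in the diagram, and that the anchor the rules are loaded into is evaluated before pfSense's own rules. It goes beyond the single port 995 in the post by covering the usual mail ports, and it adds a reply-to rule so that sessions arriving over vpn2 are answered over vpn2 rather than the default gateway, which is what keeps both directions on the same tunnel. Note that route-to takes the interface the packet must leave through, which for tunnelled traffic is the tunnel interface and not the physical DSL interface that carries the encrypted packets.

```pf
# Added example, not from the original post.
# Assumed names: ovpnc2 is hypothetical; vr0, the /24s and 192.168.105.17
# are taken from the poster's diagram.
lan_if     = "vr0"
vpn2_if    = "ovpnc2"          # tunnel interface (assumed name), not the DSL interface vr1
vpn2_gw    = "192.168.105.17"  # pfsense1's address on the vpn2 tunnel
lan_net    = "192.168.100.0/24"
remote_net = "192.168.110.0/24"
mail_ports = "{ 25, 110, 143, 465, 587, 993, 995 }"

# Outbound: mail from the local LAN to network 1 is forced out through vpn2.
# "quick" ends evaluation here so a later catch-all rule cannot send the
# packet back to the default route; route-to names the tunnel interface
# because that is where the packet has to exit, and the state is created on
# $lan_if so the replies of this session are matched by the same state.
pass in quick log on $lan_if route-to ($vpn2_if $vpn2_gw) \
    proto tcp from $lan_net to $remote_net port $mail_ports \
    label "MailPBR" keep state

# Inbound: sessions initiated from network 1 that arrive over vpn2 get
# reply-to, so their return packets leave via vpn2 instead of the default
# gateway (vpn1). Without this, the return path is asymmetric.
pass in quick log on $vpn2_if reply-to ($vpn2_if $vpn2_gw) \
    proto tcp from $remote_net to $lan_net \
    label "MailPBR-reply" keep state
```

To check that the rules are actually in place and being hit: pfctl -nf vpn2 parses the file without loading it and reports syntax errors; pfctl -a ftpproxy -sr lists what is currently loaded in that anchor; pfctl -vvss shows the state table, including the route-to gateway attached to each state, so a POP3S session that was really policy-routed shows 192.168.105.17 there; and tcpdump -n -e -ttt -i pflog0 port 995 shows whether the logged rule fires at all. If the anchor lists the rule but no state carries the route-to gateway and nothing appears on pflog0, the rule is not being reached, and the first things to compare are the interface named in route-to against the interface the tunnel really uses and the position of the anchor relative to the rules pfSense generates.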
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.