Netgate Discussion Forum

    Policy based routing of network traffic coming in via IPsec

    pad0

      Hi All,

      I am experiencing some issues with my IPsec VPN and policy based routing. Maybe you can help me?

      I am running a road warrior IPsec VPN configuration on pfsense to protect my smartphone traffic when I am connected to a public hotspot. Any traffic coming in from the smartphone should be routed to a second VPN Gateway hosted on my LAN.

      My goal is to route all traffic from the VPN to my second VPN Gateway. Therefore, I have created a Gateway (System > Routing > Gateways) and added a firewall rule for the IPsec interface (Firewall > Rules > IPsec) which specifies my second VPN router as Gateway.

      These are the details:

      Gateway definition:
      Interface: LAN
      Address Family: IPv4
      Name: Second VPN Gateway
      Gateway: <ip address of second VPN gateway>
      Default GW: false

      Rule definition:
      Action: pass
      Disabled: false
      Interface: IPsec
      TCP/IP Version: IPv4
      Protocol: any
      Source: any
      Destination: not LAN subnet
      Log: true
      Gateway: Second VPN Gateway

      However, when I want to access a system which is not on my LAN the packet is routed via the default gateway and not the gateway specified in the rule (verified using tcpdump on pfsense and my second VPN gateway). This is however contrary to the log event created by pfsense which indicates that the packet was sent to the second VPN Gateway.

      @70 pass in log quick on enc0 route-to (vr0 <ip address of second VPN gateway>) inet from any to ! 192.168.x.0/24 flags S/SA keep state label "USER_RULE: IPv4"

      My pfsense firewall is connected to the internet (vr2) and LAN (vr0).

      Thank you for your help.

      BTW: I am running 2.1-RELEASE (i386) built on Wed Sep 11 18:16:44 EDT 2013
      FreeBSD host.localdomain 8.3-RELEASE-p11 FreeBSD 8.3-RELEASE-p11 #0: Wed Sep 11 19:13:36 EDT 2013 root@snapshots-8_3-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 i386 on an ALIX board.

      Cheers,

      Frank

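The pf rule the post quotes can be read back mechanically. The following is an added example, not code from the post or from pfSense: it parses a rule line in the `pfctl -vvsr` format shown above and reports, for a given destination, whether the rule matches and which route-to gateway it names. The rule text, the gateway 192.168.1.254 and the LAN prefix 192.168.1.0/24 are constructed sample values.

```python
import ipaddress
import re

# Constructed sample in the `pfctl -vvsr` format quoted in the post; the
# gateway address and the LAN prefix are made-up values, not the poster's.
SAMPLE_RULE = ('@70 pass in log quick on enc0 route-to (vr0 192.168.1.254) inet '
               'from any to ! 192.168.1.0/24 flags S/SA keep state '
               'label "USER_RULE: IPv4"')

# Covers the fields pfSense prints for a simple pass/block rule with an
# optional route-to; options after the destination (flags, state, label)
# are not needed for the routing question and are left unparsed.
RULE_RE = re.compile(
    r'^@(?P<num>\d+) (?P<action>pass|block|match) (?P<dir>in|out)'
    r'(?P<log> log)?(?P<quick> quick)? on (?P<iface>\S+)'
    r'(?: route-to \((?P<rt_if>\S+) (?P<rt_gw>\S+)\))?'
    r' (?P<af>inet6?) from (?P<src>\S+) to (?P<dst_neg>! )?(?P<dst>\S+)'
)


def parse_rule(line):
    """Split one pfctl rule line into the fields relevant to policy routing."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised rule format: " + line)
    d = m.groupdict()
    return {
        "number": int(d["num"]),
        "action": d["action"],
        "interface": d["iface"],          # interface the rule is evaluated on
        "quick": d["quick"] is not None,
        "route_to": (d["rt_if"], d["rt_gw"]) if d["rt_if"] else None,
        "src": d["src"],
        "dst": d["dst"],
        "dst_negated": d["dst_neg"] is not None,
    }


def _addr_matches(spec, ip):
    return spec == "any" or ip in ipaddress.ip_network(spec, strict=False)


def route_for(rule, dst):
    """Return (matched, route_to) for a packet to `dst` under `rule`.

    route_to is (interface, gateway) when the rule overrides the routing
    table, or None when the packet falls through to the default route."""
    hit = _addr_matches(rule["dst"], ipaddress.ip_address(dst))
    if rule["dst_negated"]:
        hit = not hit
    return (True, rule["route_to"]) if hit else (False, None)
```

A match here only confirms what the loaded ruleset says; whether the packet actually leaves through that gateway still has to be checked on the wire, as the post does with tcpdump.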
      pad0

        Sorry for pushing :p

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.