NAT Over IPSEC ( How to use your neighbor ipsecs WAN address when you browse ? )

  • Hello PfSense people!

    I'm wondering if such a solution is possible?

    My Germany VM's behind pfsense MAY not be shown as when they connect to the internet.
    I want all my Germany servers to communicate in and out via IPSEC and out on the internet on in France.

    Is this possible? I'm running PfSense version 2.1.4 in Germany, and 2.1.3 in France.

    Attached Picture.

    Good summer to you all!

    ![Network example.png](/public/imported_attachments/1/Network example.png)
    ![Network example.png_thumb](/public/imported_attachments/1/Network example.png_thumb)

  • Just trying to understand your scenario, are you talking about the public WAN address of the German pfSense possibly changing (due to ISP, or whatever)?  If so, you might want to simply implement some kind of Dynamic DNS (could be done for both France and Germany).

    If this isn't what you mean, please explain the situation further.

  • Hello Divsys!

    Thank you for your reply!

    Well the scanario is that, I want all my trafic in Germany to go in and out from my france WAN.

    In france I do have a DDOS protection, which I want my clients in Germany want to benefit of.

    The datacenter in Germany doesn't provide any ddos protection at the moment, which results in many null routes daily.

    So right now it's important for me to make ALL communication in germany over the IPSEC and use France WAN for communication.

    I'm also wondering if it will be possible to Port forward on France PfSense, to my Germany LAN side?

    I hope this is well enough explained.

    Thank you once again for your reply!


  • Thanks for the explanation.  I would hazard a guess that you should be able to redirect all internet traffic from the Germany LAN through the IPSEC.

    Unfortunately this is well outside my expert zone (if I even have one).

    Hopefully someone else can chime in with some pointers in the right direction.

Log in to reply