2 IPSec tunnels and relayd
-
Hi all.
I am using pfSense 2.1 and trying to achieve a proxy/relayd between 2 IPsec tunnels.
Here is the setup:
- IPsec1 (Amazon VPC tunnel)
- IPsec2 (Tunnel to other network, only local pfSense network can connect there). The hosts here all have public IP addresses, but their firewalls restrict access from everywhere. And: I cannot reconfigure those.
- pfSense hosting both and - of course - the local subnet.
Now:
A client behind IPsec1 needs to be able to connect (https) to a host behind IPsec2.
I have set up a load balancer config together with a VIP for this.
I have set up the IPsec1 host to connect via this VIP to the https service in IPsec2.
Relayd sees the "Virtual Servers" as down, since its route to IPsec2 goes via WAN and not via the IPsec2 gateway.
How can I tell pfSense to route all traffic from the VIP to the respective IPsec2 host via the IPsec tunnel?
I have tried to set a Phase 2 entry, which does not work.
Any hints are highly appreciated.
Thanks,
udo.
-
Hi again.
I basically found the solution myself: https://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN
Sometimes it's hard to get the search criteria right.
Cheers.