Tunnel with custom default gateway on WAN



  • I'm trying to connect the internal network of two esxi boxes using ipsec. The setup is working in my homelab just perfect, but I'm having trouble setting everything up and running on OVH.

    OVH has a restriction to use the main IP of the server for every ip subnet as a gateway.

    Consider you have the following IP: 23.44.22.1
    And this subnet: 4.123.44.36/30

    You'd have to use 23.44.22.254 as a gateway for every ip in 4.123.44.36/30.

    I'm using shellcmd to set up the following routes for the WAN interface:

    route add -net 23.44.22.254/32 -iface em0
    route add default 23.44.22.254

    This is working and I get connectivity on the WAN and the internal network. I've setup ipsec between my two pfsense hosts using LAN 192.168.0.1/24 and LAN 192.168.1.1/24 just like in my homelab (added firewall rules, made sure ipsec connects and stays alive). Everything seems to work, except when I try to connect to a host on the other side of the net. I'm not even able to ping the internal address of the other pfsense box.

    I think the problem is that pfsense routes all traffic over the 23.44.22.254 gateway I added with shellcmd to get WAN connectivity.

    Any ideas?



  • allowed also all traffic in ipsec tunnel? (rule)



  • Yep (ipsec): IPv4 * * * * * *



  • Hello, I'm in the same boat, so I'm curious to know if you managed to setup your IPSec tunnel on the OVH infrastructure?

    Thanks.
    Nicolas