[Solved] Howto route local traffic between diff. Subnets AND IPSEC supernetting
-
Here's my setup:
Site 1, pfSense 2.2.2
LAN A => 192.168.0.1/24
LAN B => 192.168.1.1/24
Site 2, pfSense 2.2.2
LAN => 192.168.100.1/24
Mission:
Route all traffic from Site 1 through Site 2
but still allow routing locally from LAN A to LAN B.
Setup:
IPsec Phase 1 connects to Site 2 (successful)
IPsec Phase 2: LAN A to 0.0.0.0/0 (successful)
IPsec Phase 2: LAN B to 0.0.0.0/0 (successful)
The tunnel comes up and traffic is passing through.
Unfortunately, LAN A now can't reach LAN B locally anymore.
What do I have to do to make LAN B locally available to LAN A?
cu
Ben
-
How about using a layer 3 switch and having the switch be the primary gateway: do inter-VLAN routing between both subnets at the switch and have all other traffic go to the pfSense. Another option is to put a router between your pfSense and your switch and have that be the gateway.
That way pfSense does not have to handle the routing of the two subnets, and your IPsec routing should not interfere.
You can either go open source with a switch or router, or go with a Cisco SMB switch.
-
There isn't a way to accommodate that in the GUI currently. The "conn bypasslan" entry in ipsec.conf, generated by /etc/inc/vpn.inc, adds a passthrough but only for the LAN's subnet. That could be easily changed to hard code your LAN subnets in vpn.inc as a work around. There is a feature request open to add that functionality in the future.
-
Thanks for your answers.
Here's how I've solved the problem:
I set up my IPsec connection and "phased around" all my LAN subnets in Phase 2. To route around them, I just needed a couple of Phase 2 entries:
0.0.0.0/1
128.0.0.0/2
192.0.0.0/9
192.128.0.0/11
192.160.0.0/13
…
cu
Ben
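The list above is abbreviated with "…". As an added example (Python, not code from the thread or from pfSense), the following computes the complete set of remote networks that cover 0.0.0.0/0 except the two Site 1 LANs, using the standard-library ipaddress module, and checks that the result is an exact, non-overlapping cover. The subnet values are the ones in the thread; the function names and the LOCAL_SUBNETS constant are my own.

```python
"""Compute IPsec Phase 2 remote-network entries that cover 0.0.0.0/0
except the local LAN subnets (the "supernetting around the LANs" trick
from the thread).  Example code; not pfSense's own, and the helper
names are assumptions."""
import ipaddress
from typing import Iterable, List

# Constructed from the thread: LAN A and LAN B at Site 1.
LOCAL_SUBNETS = ["192.168.0.0/24", "192.168.1.0/24"]


def phase2_complement(supernet: str, holes: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Return the CIDR blocks covering `supernet` minus every network in `holes`.

    Each hole is carved out of whichever remaining block contains it, using
    ipaddress's address_exclude(), which splits a block into the largest
    aligned pieces around the hole.  The result is the remote-network list
    for the Phase 2 entries that must carry "everything except the LANs".
    """
    remaining = [ipaddress.ip_network(supernet)]
    for raw in holes:
        hole = ipaddress.ip_network(raw)
        carved = []
        for net in remaining:
            if hole.subnet_of(net):
                # Split net around hole; if hole == net nothing is yielded
                # and the block disappears, which is the intended result.
                carved.extend(net.address_exclude(hole))
            elif net.subnet_of(hole):
                continue  # block lies entirely inside the hole: drop it
            else:
                carved.append(net)  # disjoint from the hole: keep unchanged
        remaining = carved
    return sorted(remaining)


def is_exact_cover(blocks, supernet: str, holes: Iterable[str]) -> bool:
    """Check that `blocks` are pairwise disjoint, touch none of `holes`,
    and together contain exactly (supernet minus holes) addresses.
    Assumes the holes themselves do not overlap each other."""
    hole_nets = [ipaddress.ip_network(h) for h in holes]
    for i, a in enumerate(blocks):
        if any(a.overlaps(h) for h in hole_nets):
            return False
        if any(a.overlaps(b) for b in blocks[i + 1:]):
            return False
    expected = ipaddress.ip_network(supernet).num_addresses - sum(
        h.num_addresses for h in hole_nets
    )
    return sum(b.num_addresses for b in blocks) == expected


# The full remote-network list for Site 1 (23 blocks for two adjacent /24s).
PHASE2_REMOTE = phase2_complement("0.0.0.0/0", LOCAL_SUBNETS)

if __name__ == "__main__":
    # Each local LAN (LAN A and LAN B) gets one Phase 2 entry per block below.
    for net in PHASE2_REMOTE:
        print(net)
```

Two adjacent /24s merge into one /23 hole, so the complement is 23 blocks (one per prefix length from /1 to /23), and each local LAN needs its own Phase 2 entry for every block, as the post's "LAN A to …" and "LAN B to …" setup implies. Blocks such as 224.0.0.0/3 also cover multicast and reserved space; that is harmless in a traffic selector, since nothing routable will match it.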