Netgate Discussion Forum
[SOLVED] How can I route loopback traffic through an IPSEC tunnel (IPsec)

gtrevize:
I have a setup where multiple sites are connected through IPsec tunnels. Each site has its own DNS serving a specific internal domain (let's say DOMAIN1.LAN, DOMAIN2.LAN, etc.), so in order to simplify the configuration and also allow all clients to resolve names from all the domains, I set up DNS Resolver on each site's pfSense and force it on the clients via DHCP as the default DNS.

This is not working because, although the clients can actually reach the internal DNS servers, the pfSense boxes themselves cannot.

So the question is: how can I force traffic from 127.0.0.1 going to the other sites' subnets (i.e. 192.168.100.0/24) through the appropriate tunnel to reach that subnet?

Manual NAT will not allow selecting localhost (loopback) as an interface, and neither will floating rules allow forcing IPsec as a gateway.

Pretty sure I'm missing something quite basic, but I can't make this work. Should this be done with a P2 in the tunnel definition?

Any suggestions please.

Derelict (LAYER 8 Netgate):
        This might get you going in the right direction:

        https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

Chattanooga, Tennessee, USA
A comprehensive network diagram is worth 10,000 words and 15 conference calls.
DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
Do Not Chat For Help! NO_WAN_EGRESS(TM)

gtrevize:
Thanks a lot Derelict!!! Right to the point. It works perfectly now; the pfSense box can reach all the other sites' subnets.

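The mechanism behind the problem above, as an added illustration that is not from the thread or from pfSense: a site-to-site Phase 2 is a pair of address selectors, and a packet only enters the tunnel when both its source and destination fall inside them. Firewall-originated traffic is sourced from the interface that owns the matching route (the WAN default route), so it never matches the LAN-to-LAN selector even though LAN clients do. All addresses are constructed, and the static route via the LAN address used as the remedy is an assumption modelled here, not a step taken from the thread.

```python
import ipaddress

# Constructed site-to-site Phase 2: this site's LAN <-> the remote site's LAN.
LOCAL_LAN = ipaddress.ip_network("192.168.1.0/24")
REMOTE_LAN = ipaddress.ip_network("192.168.100.0/24")
PHASE2_SELECTORS = [(LOCAL_LAN, REMOTE_LAN)]

# Constructed interface addresses of this firewall.
WAN_ADDR = ipaddress.ip_address("203.0.113.10")
LAN_ADDR = ipaddress.ip_address("192.168.1.1")


def matches_phase2(src, dst):
    """True if a packet src -> dst falls inside some Phase 2 selector pair."""
    src = ipaddress.ip_address(str(src))
    dst = ipaddress.ip_address(str(dst))
    return any(src in local and dst in remote for local, remote in PHASE2_SELECTORS)


def source_address_for(dst, routes):
    """Source address a host stack picks for dst: the address of the interface
    that owns the most specific (longest-prefix) matching route."""
    dst = ipaddress.ip_address(str(dst))
    best = max((r for r in routes if dst in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]


# Routing table with only a default route out the WAN.
DEFAULT_ROUTES = [(ipaddress.ip_network("0.0.0.0/0"), WAN_ADDR)]
# Assumed remedy: a static route for the remote LAN via the LAN interface address,
# so firewall-originated packets are sourced from the LAN side.
FIXED_ROUTES = DEFAULT_ROUTES + [(REMOTE_LAN, LAN_ADDR)]


def firewall_query_uses_tunnel(dst, routes):
    """Would a query from the firewall itself to dst be carried by the tunnel?"""
    return matches_phase2(source_address_for(dst, routes), dst)
```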
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.