[SOLVED] How can I route loopback traffic through an IPSEC tunnel
-
I have a setup where multiple sites are connected through IPSEC tunnels. Each site has it's own DNS serving an specific internal domain (let's say DOMAIN1.LAN, DOMAIN2.LAN, etc.) so in order to simplify the configuration and also allow all clients to be able to resolve names from all the domains, I setup DNS Resolver on each site pfsense and force it with DHCP to the clients as the default DNS.
This is not working because despite that the clients can actually reach the internal DNS servers, the pfsense boxes itselfs can not.
So the question is, how can I force the traffic from 127.0.0.1 going to the other sites subnets (i.e. 192.168.100.0/24) go through the appropiate tunnel to reach that subnet?
Manual NAT will not allow to select localhost (loopback) as an Interface, and neither flotating rules will allow to force an IPSEC through as a gateway.
Pretty sure I'm missing something quite basic, but I can make this work. Should this be done with a P2 in the tunnel definition?
Any sugestions please.
-
This might get you going in the right direction:
https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN
-
Thanks a lot Delict !!! rigth to the point. It works perfect now, the pfsense box can reach all the other sites subnets.