IPsec tunnel from hosts on public WAN subnet to private LAN



  • We have two pfSense hosts in two different datacenters, each on version 2.2.3. Both datacenters have hosts with RFC 1918 addresses behind the pfSense, as well as other hosts in the same public network as the pfSense WAN interface. We would like our hosts with public IPs to be able to reach hosts with private IPs across the IPsec tunnel between the two datacenters. Is this possible to do without having to NAT the public IP to a private IP before sending it through the tunnel?

    Example:

    pfSense A:
    LAN: 10.4.0.0/16
    WAN: 1.1.1.1/25

    pfSense B:
    LAN: 10.3.0.0/16
    WAN: 2.2.2.1/25

    Host A (1.1.1.2) --> IPsec --> Host B (10.3.1.1)

