IPSEC route ALL traffic over IPSEC connection



  • Hi there,

    I just set up a communication between two networks with an ipsec vpn.

    The tunnel is working fine, I can access shares/MSTSC/pings etc. on each network.

    But now I want to route all traffic, including internet traffic, over one of the networks, so all internet traffic is going over one gateway. (I don't want to use any sort of proxy.)

    Is there a way i can do that?

    Thanks in advance,



  • Can't you just set the default gateway for pfSense to the other side of the tunnel?

    (or a static route for 0.0.0.0 pointing to the other side)



  • The static route I already tried doesn't solve my problem.

    But where should I fill in the default gateway?



  • Well, only a single static route wouldn't solve it.
    You also need a static route to the other endpoint over your real connection.
    Otherwise your tunnel goes down the second you put the static route in place.

    Well the static route IS the default gateway ^^"

    But do you really need IPSEC?
    This would be easier with OpenVPN.



  • Unfortunately it has to be IPsec :-\

    But how to do with the static routes.

    Can you explain it a little further?



  • So okay, maybe I figured it out.

    First I set up a static route

    0.0.0.0 /1  to my real ip address 84.x.x.x

    then a static route

    0.0.0.0 /1 to 192.x.x.x

    But I have to try it.



  • Nope, can't get it to work.

    Anyone have any idea? ???



  • @raupc:

    First I set up a static route
    0.0.0.0 /1  to my real ip address 84.x.x.x
    then a static route
    0.0.0.0 /1 to 192.x.x.x

    More like:
    84.x.x.x to the gateway of your WAN
    0.0.0.0/0 to the router on the other side of the IPsec connection



  • Hmm, I don't get it.

    The topology of the network.

    NetA                                 NetB

    10.x.x.x                             192.168.1.x

    wan                                  wan

    212.x.x.x                            84.x.x.x

    Net A has to go over the gateway of net B

    Maybe you can point me where to put the routes.

    0.0.0.0 /0 is not possible in pfSense, only 0.0.0.0 /1

    Is there any other way to adjust the routing table of pfSense?



  • Add these static routes:
    destination: 84.x.x.x/32    gateway: YourISPsGateway
    destination: 0.0.0.0/1      gateway: 192.168.1.x (router on other side of tunnel)
    destination: 128.0.0.0/1    gateway: 192.168.1.x (router on other side of tunnel)

    That's what OpenVPN does behind the scenes.
    I'm not sure that this works with IPsec too, but I think it should.

    Also make sure that your firewall rule that allows access from the LAN has * (default) as its gateway.
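
The three static routes suggested above, evaluated with longest-prefix matching. This is an added example, not code from the thread or from pfSense; the addresses are constructed stand-ins for the elided 84.x.x.x, 192.168.1.x and the ISP gateway.

```python
import ipaddress

# Constructed stand-ins for the addresses the thread elides.
PEER_WAN = "203.0.113.10"      # for 84.x.x.x, NetB's WAN address
ISP_GATEWAY = "198.51.100.1"   # for NetA's ISP gateway
TUNNEL_ROUTER = "192.168.1.1"  # for 192.168.1.x, router behind the tunnel


def build_table(with_peer_route=True):
    """NetA's routing table as (network, next hop) pairs."""
    table = [
        (ipaddress.ip_network("0.0.0.0/0"), ISP_GATEWAY),  # original default
        (ipaddress.ip_network("0.0.0.0/1"), TUNNEL_ROUTER),
        (ipaddress.ip_network("128.0.0.0/1"), TUNNEL_ROUTER),
    ]
    if with_peer_route:
        # Host route that keeps the encrypted packets on the real WAN link.
        table.append((ipaddress.ip_network(PEER_WAN + "/32"), ISP_GATEWAY))
    return table


def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def covers_all_ipv4(table, hop):
    """True if the non-default routes via hop add up to the whole IPv4 space."""
    nets = [net for net, h in table if h == hop and net.prefixlen > 0]
    return list(ipaddress.collapse_addresses(nets)) == [
        ipaddress.ip_network("0.0.0.0/0")
    ]


if __name__ == "__main__":
    for label, table in (("with /32", build_table()),
                         ("without /32", build_table(False))):
        for dst in ("8.8.8.8", "200.1.2.3", PEER_WAN):
            print(f"{label:12} {dst:15} -> {next_hop(table, dst)}")
```

Without the /32 host route, the peer's own WAN address falls inside 128.0.0.0/1, so the encrypted packets would be sent into the tunnel they are supposed to carry. The model covers only the routing-table lookup; a policy-based IPsec tunnel selects traffic by its Phase 2 networks rather than by this table.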



  • Nope, that doesn't do the trick.

    I'm starting to believe that what I want is not possible.

    Are there any other firewall/IPsec VPN solutions where all traffic goes over the tunnel as standard?

