    IPSEC route ALL traffic over IPSEC connection

    • R
      raupc last edited by

      Hi there,

      I just set up a communication between two networks with an IPsec VPN.

      The tunnel is working fine, I can access shares/MSTSC/pings etc. on each network.

      But now I want to route all traffic, including internet traffic, over one of the networks, so all internet traffic is going over one gateway. (I don't want to use any sort of proxy.)

      Is there a way I can do that?

      Thanks in advance,

      • GruensFroeschli
        GruensFroeschli last edited by

        Can't you just set the default gateway for pfSense to the other side of the tunnel?

        (or a static route for 0.0.0.0 pointing to the other side)

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • R
          raupc last edited by

          The static route I already tried doesn't solve my problem.

          But where should I fill in the default gateway?

          • GruensFroeschli
            GruensFroeschli last edited by

            Well, only a single static route wouldn't solve it.
            You also need a static route to the other endpoint over your real connection.
            Otherwise your tunnel goes down the second you put the static route in place.

            Well the static route IS the default gateway ^^"

            But do you really need IPSEC?
            This would be easier with OpenVPN.

            • R
              raupc last edited by

              Unfortunately it has to be IPsec :-\

              But how do I do it with the static routes?

              Can you explain it a little further?

              • R
                raupc last edited by

                So okay, maybe I figured it out.

                First I set up a static route

                0.0.0.0/1 to my real IP address 84.x.x.x

                then a static route

                0.0.0.0/1 to 192.x.x.x

                But I have to try it.

                • R
                  raupc last edited by

                  Nope, can't get it to work.

                  Does anyone have any idea? ???

                  • GruensFroeschli
                    GruensFroeschli last edited by

                    @raupc:

                    First I set up a static route
                    0.0.0.0/1 to my real IP address 84.x.x.x
                    then a static route
                    0.0.0.0/1 to 192.x.x.x

                    More like:
                    84.x.x.x to the gateway of your WAN
                    0.0.0.0/0 to the router on the other side of the IPsec connection

                    • R
                      raupc last edited by

                      Hmm, I don't get it.

                      The topology of the network:

                      NetA                                 NetB
                      10.x.x.x                             192.168.1.x
                      WAN                                  WAN
                      212.x.x.x                            84.x.x.x

                      Net A has to go over the gateway of Net B.

                      Maybe you can point me to where to put the routes.

                      0.0.0.0/0 is not possible in pfSense, only 0.0.0.0/1.

                      Is there any other way to adjust the routing table of pfSense?

                      • GruensFroeschli
                        GruensFroeschli last edited by

                        Add these static routes:
                        destination: 84.x.x.x/32    gateway: YourISPsGateway
                        destination: 0.0.0.0/1      gateway: 192.168.1.x (router on other side of tunnel)
                        destination: 128.0.0.0/1    gateway: 192.168.1.x (router on other side of tunnel)

                        That's what OpenVPN does behind the scenes.
                        I'm not sure that this works with IPsec too, but I think it should.

                        Also make sure that your firewall rule that allows access from the LAN has * (default) as its gateway.

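The route selection behind the three static routes in the post above, as an added example that is not part of the thread: a longest-prefix-match lookup showing why the two /1 routes override the default route and why the /32 host route to the peer must stay on the WAN. The addresses are constructed stand-ins for the masked ones, and only the routing-table lookup is modelled, not whether IPsec itself selects the traffic for the tunnel.

```python
import ipaddress

# Constructed sample addresses (documentation ranges) standing in for the
# masked values in the thread; none of them come from the original posts.
WAN_GW = "203.0.113.1"         # "YourISPsGateway" on the NetA side
PEER = "198.51.100.10"         # NetB's public WAN address (84.x.x.x)
REMOTE_ROUTER = "192.168.1.1"  # router on the other side of the tunnel

BASE = [("0.0.0.0/0", WAN_GW)]                   # ordinary default route
HALF = BASE + [("0.0.0.0/1", REMOTE_ROUTER)]     # only one /1 added
SPLIT = HALF + [("128.0.0.0/1", REMOTE_ROUTER)]  # both halves, no host route
FULL = SPLIT + [(PEER + "/32", WAN_GW)]          # the three routes from the post


def build(routes):
    """Parse (cidr, gateway) pairs into (IPv4Network, gateway) pairs."""
    return [(ipaddress.ip_network(cidr), gw) for cidr, gw in routes]


def lookup(table, dst):
    """Longest-prefix match: gateway of the most specific route containing dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def audit(routes, probes=("8.8.8.8", "192.0.2.50")):
    """Check the two properties the thread cares about for a route set.

    peer_via_wan: the tunnel's own outer packets still leave via the ISP.
    leaks: probe destinations that would bypass the remote router.
    """
    table = build(routes)
    return {
        "peer_via_wan": lookup(table, PEER) == WAN_GW,
        "leaks": [p for p in probes if lookup(table, p) != REMOTE_ROUTER],
    }


if __name__ == "__main__":
    for name, routes in [("base", BASE), ("half", HALF),
                         ("split", SPLIT), ("full", FULL)]:
        print(name, audit(routes))
```

With `SPLIT` the peer's own address resolves to the remote router, which is the "tunnel goes down the second you put the static route in place" case; with `HALF` any destination in 128.0.0.0/1 still leaves through the local ISP.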
                        • R
                          raupc last edited by

                          Nope, that doesn't do the trick.

                          I'm starting to believe that what I want is not possible.

                          Are there any other firewall/IPsec VPN solutions where all traffic goes over the tunnel by default?
