Route specific traffic only through IPsec?

  • Hi Everyone.

    I've been using OpenVPN for years with pfSense to create firewall rules to route various traffic on my LAN out an OpenVPN tunnel. Unfortunately, after banging my head against the wall for weeks now I'm unable to get the performance I want out of my OpenVPN tunnel (200-300 Mbit is what I'm looking for; I'm only achieving 60-90 Mbit). My client machine is a C2558 and the server is an E5-2680v3.

    Anyways, I set up IPsec with aes256-gcm and out of the box it just flies: 200 Mbit/s without breaking a sweat (which is the max of my home connection now, but 300 Mbit is coming this year). The server is colo'd on gigabit. Since I'm unable to assign IPsec to an interface and use it as a gateway like I would with OpenVPN, I haven't been able to figure out how to selectively route traffic over the tunnel with firewall rules. Is this possible? Thanks for any help!

    Unfortunately that isn't possible with policy-based IPsec. It will grab anything and everything that matches the Phase 2 network(s), and will only accept traffic that matches the Phase 2 network(s).

    If we ever gain route-based IPsec (which we may, eventually, lots of us would like to see it) then it would be possible if both sides can do it.
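To make the difference in the reply above concrete, here is an added illustration (not code from the thread or from pfSense) that models both lookups: policy-based IPsec picks traffic purely by the Phase 2 selectors, so the only lever for "which traffic goes over the tunnel" is how narrow you make those selectors, whereas route-based IPsec turns the tunnel into an interface that a normal route (or policy-route) lookup can choose. All addresses, Phase 2 entries and interface names are constructed sample values.

```python
import ipaddress
from typing import List, Optional, Tuple

# One Phase 2 entry of a policy-based tunnel: (local network, remote network).
Phase2 = Tuple[str, str]


def policy_based_decision(phase2: List[Phase2], src: str, dst: str) -> Optional[int]:
    """Emulate the SPD lookup of policy-based IPsec.

    Returns the index of the first Phase 2 whose selectors match the packet,
    or None. There is no routing or firewall step in between: a packet that
    matches a Phase 2 is always tunneled, and one that does not never is.
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for i, (local, remote) in enumerate(phase2):
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return i
    return None


def route_based_decision(routes: List[Tuple[str, str]], dst: str) -> str:
    """Emulate route-based IPsec: the tunnel is an interface, and a
    longest-prefix route lookup (which firewall policy routing could
    override per rule) decides whether a packet enters it."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else "unreachable"


# Constructed sample configuration (hypothetical networks and interface names).
SAMPLE_P2 = [("10.0.0.0/24", "192.168.1.0/24")]
NARROW_P2 = [("10.0.0.5/32", "192.168.1.0/24")]  # only one LAN host is selected
SAMPLE_ROUTES = [("0.0.0.0/0", "wan"), ("192.168.1.0/24", "ipsec_vti0")]

if __name__ == "__main__":
    print(policy_based_decision(SAMPLE_P2, "10.0.0.5", "192.168.1.10"))   # 0: tunneled
    print(policy_based_decision(SAMPLE_P2, "10.0.0.5", "8.8.8.8"))        # None: never
    print(policy_based_decision(NARROW_P2, "10.0.0.6", "192.168.1.10"))   # None: excluded
    print(route_based_decision(SAMPLE_ROUTES, "192.168.1.10"))           # ipsec_vti0
```

With the policy-based model, the only way to keep 10.0.0.6 off the tunnel is to shrink the Phase 2 selector (NARROW_P2), which is exactly why a firewall rule cannot do the job there.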

