Configure VPN / IPSec with a routed public IP



  • Hi
    I am wondering if this is possible with pfSense. See the attached diagram where I've tried to illustrate that I want to create an IPsec tunnel between two pfSense routers. Router 1 has the public IP 1.1.1.1 and local LAN 192.168.100.0/24 which wants access to the remote LAN 192.168.200.0/24 on Router 2.

    Router 2 has two ISP connections for redundancy with IP 2.2.2.2 and 3.3.3.3. Router 2 has been provided with a public IP range of 4.4.4.0/29. ISP 1 and ISP 2 are configured to route the 4.4.4.0/29 range to Router 2 with the help of BGP for redundancy to work. BGP is not part of this scope or question.

    To avoid the IPsec tunnel going down in case the primary ISP link (ISP 1 with 2.2.2.2) fails, I want to avoid using 2.2.2.2 and 3.3.3.3 for the IPsec peer. Instead I want to use one of the routed IPs in the 4.4.4.0/29 range. For instance 4.4.4.7. In case pfSense needs to terminate an IPsec tunnel with an interface I have drawn in an optional VLAN 10 and assigned 4.4.4.7/32 to that interface to possibly solve that issue.

    Is it at all possible to achieve this? I was thinking of trying to configure it in a lab to test it out, but was curious to hear if it could be done.

    Thanks for reading and I look forward to any tips.


