> On Mar 9, 2015, at 2:56 AM, Brian Candler <b.cand...@pobox.com> wrote: > > On 09/03/2015 09:51, Bryan D. wrote: >> So it sounds like the IPsec and OpenVPN traffic would be such traffic? > IPSEC traffic is addressed *to* the firewall (at least the IKE stuff on udp > 500 is, since it is received by strongswan/racoon) > > But the firewall already has a public IP address for IPSec. > > Are you saying you want different clients' IPSEC tunnels to terminate on > different public IP addresses on the firewall WAN side? That I've never > tried, and I don't know if it's possible.
It listens (binds) on whatever interface/VIP is specified in the Interface drop-down in the IPSec/OpenVPN config. If you have a VIP specified, and you change the VIP, you might have to go back and select the new VIP. Firewall rules other than actual interface addresses are specified by IP address so they should still be good if you change the VIP type. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
