On 2015-Mar-09, at 3:11 AM, Chris L <c...@viptalk.net> wrote: > >> On Mar 9, 2015, at 3:07 AM, Brian Candler <b.cand...@pobox.com> wrote: >> >> On 09/03/2015 10:05, Chris L wrote: >>>> Are you saying you want different clients' IPSEC tunnels to terminate on >>>> different public IP addresses on the firewall WAN side? That I've never >>>> tried, and I don't know if it's possible. >>> It listens (binds) on whatever interface/VIP is specified in the Interface >>> drop-down in the IPSec/OpenVPN config. >> Sure: I was asking if the requirement is to have *multiple* IPSEC VIPs which >> are processed differently. >> >> If not, then why not just terminate IPSEC on the firewall's primary IP >> address? > > Good question for OP. As far as I know, racoon and strongswan listen on one > binding for all clients. OpenVPN is set per-instance.
We can forget the VPN aspect, here ... what's failing is simple web-site access when the VIP type is changed. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold