Re: [pfSense Support] Static Route for IPSEC
The subnet will need to be part of your tunnel definition. There is no need to add it as a route.

--Bill

On 10/21/07, Michael Richardson <[EMAIL PROTECTED]> wrote:
> I'd like to create a static route that points to a gateway over an IPSEC
> tunnel but there is no "IPSEC" interface (as there is for PPTP). Can this be
> done? How?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Almost there - Dual-Wan IPSEC, rules, and routing
On 10/21/07, Gabriel Green <[EMAIL PROTECTED]> wrote:
> I am going to try a snapshot tonight as a last ditch effort; it looks like
> one was updated today. Or maybe I am misunderstood in that it's always that
> way.

Snaps are built every couple hours. The snapshot box builds each platform on each branch pretty much back to back.

--Bill
Re: Re: [Fwd: Re: [pfSense Support] Dual Wan - Same Gateway]
On 10/21/07, Michael Richardson <[EMAIL PROTECTED]> wrote:
> Upstream box isn't pfSense and does VERY little. Nothing I can do on the
> downstream box (pfSense) ?

Any chance you can put the NAT box in front of WAN and not WAN2? I'm assuming that WAN isn't used for anything that NAT messes with too much, just WAN2.

--Bill
[pfSense Support] Almost there - Dual-Wan IPSEC, rules, and routing
Hello all,

For the past couple weeks as I did not have time to keep toying with the issue, I maintained two WAN/LAN pfSense boxes--one for termination from an SDSL line and one from a T1. This weekend, I had time and was certain it was possible, I'm just missing something. For your reference, please see http://www.offramp.org/~ggreen/ where I have posted a diagram.

See, I have 5 NICs in the pfSense box (and two interfaces I am not using presently), LAN, WAN (T1) and OPT1 (SDSL-WAN). IPSEC works beautifully if it terminates on WAN, but if it terminates on OPT1 I can never seem to get over to the LAN or back! The SA shows up and everything, I've tried every permissive firewall rule I can think of, but it just *works* from WAN, not from an OPT.

I am going to try a snapshot tonight as a last ditch effort; it looks like one was updated today. Or maybe I am misunderstood in that it's always that way. We'll see shortly...

Gabe
[pfSense Support] Static Route for IPSEC
I'd like to create a static route that points to a gateway over an IPSEC tunnel but there is no "IPSEC" interface (as there is for PPTP). Can this be done? How?
Re: Re: [Fwd: Re: [pfSense Support] Dual Wan - Same Gateway]
Upstream box isn't pfSense and does VERY little. Nothing I can do on the downstream box (pfSense) ?

On Sat, 20 Oct 2007, Bill Marquette ([EMAIL PROTECTED]) wrote:

On 10/20/07, Michael Richardson wrote:
> One of the primary reasons I wanted a dual-wan configuration was so our 1st
> 15Mb line wasn't saturated with large file transfers, which we do regularly.
> The next reason is for fail-over and/or load-balancing.
>
> That said, I've implemented a NAT device to get the 2nd line on a separate
> gateway (as far as pf is concerned) and tried to setup ipSec on the WAN2,
> but I hadn't previously considered NAT traversal with IPSEC which is now an
> issue. This means that the local pf box doesn't see the remote gateway, it
> sees the NAT'd IP.
>
> I do use advanced outbound NAT to force certain traffic out WAN2. That said,
> how do I get IPSEC working over WAN2 (aside from changing the selected
> interface in the SA)?

Terminate the vpn on the upstream box?

--Bill