I know this has come up more than once in the past, but I can’t find it in the 
archives (i.e. can’t figure out the right keywords).

 

If my pfSense box is the endpoint of an IPSec tunnel, all the devices routing 
through it can reach the far side, but traffic originating from the pfSense box 
itself doesn’t get there.

 

I think I remember the solution being to add a static route on the pfSense box, 
but I can’t remember precisely what had to be added.  I also remember that 
doing so would cause an error message to be logged somewhere every time(?) a 
packet was sent through that route.

 

I want my pfSense IPSec tunnel endpoint to talk either OSPF or BGP to the Cisco 
ISR at the other end, as there are several hundred routes reachable through it 
and I don’t want to manually enter hundreds of phase-2 proposals on both ends!

 

This *is* possible, right?  I’m sure I remember doing something like this 
before…

 

Could someone please jog my memory on exactly what I need to add?

 

(BTW: running 2.0RC1, where that makes a difference)

 

-Adam Thompson

athom...@athompso.net

 
