[pfSense-discussion] IPsec and OPT
Anyone has a working IPsec config with a virtual OPT device (VIP or similar) you could share?

I've made a tunnel (one end is transparent bridge, terminated on WAN), but can't route between networks.

I'll move on to OpenVPN (UDP port forwarded behind NAT and terminated on a LAN box) shortly, but I need to get IPsec working as well.

--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] IPsec and OPT
On Tue, Nov 3, 2009 at 7:45 AM, Eugen Leitl eu...@leitl.org wrote:
> Anyone has a working IPsec config with a virtual OPT device (VIP or similar) you could share?
>
> I've made a tunnel (one end is transparent bridge, terminated on WAN), but can't route between networks.
>
> I'll move on to OpenVPN (UDP port forwarded behind NAT and terminated on a LAN box) shortly, but I need to get IPsec working as well.

It requires static-routes to ensure that the traffic goes back out the OPT interface IIRC.

Scott
Re: [pfSense-discussion] IPsec and OPT
On Tue, Nov 03, 2009 at 10:33:40AM -0500, Scott Ullrich wrote:
> On Tue, Nov 3, 2009 at 7:45 AM, Eugen Leitl eu...@leitl.org wrote:
>> Anyone has a working IPsec config with a virtual OPT device (VIP or similar) you could share?
>>
>> I've made a tunnel (one end is transparent bridge, terminated on WAN), but can't route between networks.
>>
>> I'll move on to OpenVPN (UDP port forwarded behind NAT and terminated on a LAN box) shortly, but I need to get IPsec working as well.
>
> It requires static-routes to ensure that the traffic goes back out the OPT interface IIRC.

My problem is that the firewall I'm prototyping this on does have only WAN and LAN, and no OPT (I've tried defining a VIP and a VLAN, but can't get this to work).

The other firewall is also strangely configured, since having a 10.2.0.5 as WAN IP address. I wanted to make sure that private IP is not the culprit in that the tunnel doesn't route.

I've already tried static routes, but there's only WAN/LAN/PPTP option there.

--
Eugen* Leitl