Hi again!

Now we have established a tunnel with our mobile ISP. The tunnel config is as follows:

Local subnet: 0.0.0.0/0
Remote subnet: 172.17.5.0/24

The intention is that ALL traffic from the mobile device is routed through our pfSense.
Traffic to our local subnets 10.x.x.x works fine, but traffic to WAN (anything except 10.x.x.x) does not work.

It seems to me that a route is missing, because how should the tunnel device (mobile device) know where to route the rest of the traffic (except 10.x.x.x)?
But can I only add a route for physical devices, or does pfSense automatically know the routing?

The tunnel is established over IPSec...

(mobile) --- (CDA-Provider) --- (tunnel) --- (pfSense) --- WAN

Now the question is how to pass the traffic from the mobile device through the pfSense to WAN and back?
I simply do not get it working :-(

I'm happy for any ideas...

Regards,
Martin

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Fuchs, Martin
Sent: Friday, 3 February 2012 16:34
To: pfSense support and discussion
Subject: Re: [pfSense] squid over ipsec dial-in

Hi!

I'll have to wait now until Wednesday when our ISP will establish the IPSec tunnel and then we'll try further ;-)

Thanks so far,
Martin

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Jim Pingle
Sent: Thursday, 2 February 2012 17:12
To: pfSense support and discussion
Subject: Re: [pfSense] squid over ipsec dial-in

On 2/2/2012 10:32 AM, Fuchs, Martin wrote:
> For OpenVPN you mean assign the OpenVPN as an interface under interfaces ->
> assign ?
> Sounds reasonable...

Yep. When it's assigned there you can do NAT (inbound or out) and even listen on the interface.

> But how would I do such a port forward inbound ?
> I tried to set up a NAT rule "from IPSec to any dst tcp 80 forward to
> 127.0.0.1:3128" but it seemed it did not work (but perhaps I missed sth...)
> But that would be the right way, correct ?

Sounds about right. I've never tried that so I didn't know if it would work, but I suspected it wouldn't given the history of IPsec+NAT.

Jim
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
