From: [email protected] [mailto:[email protected]] 
On behalf of D C
Sent: Thursday, 29 August 2013 15:13
To: pfSense support and discussion
Subject: Re: [pfSense] Remove a single ip from ipsec

 

 




 

Thanks,

Dan

 

On Thu, Aug 29, 2013 at 9:09 AM, Jochem de Waal <[email protected]> wrote:

 


I'm running into a funny but annoying situation.

I have an ipsec tunnel set up between two pfsense boxes.  The tunnel is working 
great, and I am allowing my office's /24 network to access a remote datacenter's 
/24 public ips through the vpn.

The problem is that we have one ip (.103) on the remote network which I need to 
NOT go through the vpn.

I've tried playing with static routes, and firewall redirects but had no luck.  

How can I exclude a single ip from the ipsec phase2 entry?  Am I going to have 
to break my phase 2 entry into multiple entries so that I can skip over this 
one ip, or is there a better way?

 

Thanks,

Dan

 

 

From: [email protected] [mailto:[email protected]] 
On behalf of D C
Sent: Thursday, 29 August 2013 14:56
To: [email protected]
Subject: [pfSense] Remove a single ip from ipsec

 

Create a Block rule on IPSEC above the allow rule

 

This would be ideal, but I don't see an option to do this.  I'm using pfsense 
2.0.1-RELEASE amd64


 

 

         

        Cheers,

        Jochem

        
        _______________________________________________
        List mailing list
        [email protected]
        http://lists.pfsense.org/mailman/listinfo/list

Hi Dan,

 

In pfSense at the LOCAL site go to:

 

FIREWALL → RULES → IPSEC

 

Above the allow rule for the remote network segment place a block rule for that 
single IP.

 

 

Ok, I think I misspoke.

I need to be able to access that remote ip.  I just don't want it to go through 
ipsec.

 

Basically I need that remote host to see my public ip that I'm natting on.  
When the traffic goes through ipsec, the remote host sees my internal ips.   

 

 

 

         

        Grtx,

        Jochem

        

The subnets that you are routing through the IPSEC tunnel, are they private or 
public?
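
The fallback raised in the original question, breaking the phase 2 entry into several entries that skip one address, can be computed instead of worked out by hand. This is an added example, not part of the thread: `203.0.113.0/24` is a constructed documentation range standing in for the datacenter's /24 (the thread does not give it), the function name is hypothetical, and the thread does not confirm how pfSense 2.0.1 handles the resulting entries.

```python
import ipaddress


def phase2_networks_excluding(network, excluded_host):
    """Return the smallest sorted list of CIDR blocks covering `network`
    minus `excluded_host` (hypothetical helper, not a pfSense API)."""
    net = ipaddress.ip_network(network)
    # A bare address is parsed as a single-host network (/32 or /128).
    host = ipaddress.ip_network(excluded_host)
    if host.version != net.version or not host.subnet_of(net):
        raise ValueError(f"{excluded_host} is not inside {network}")
    # address_exclude() yields the sibling block at each split level.
    return sorted(net.address_exclude(host))


def covers(networks, address):
    """True if `address` falls inside any of the given blocks."""
    addr = ipaddress.ip_address(address)
    return any(addr in n for n in networks)


if __name__ == "__main__":
    # Constructed sample: documentation range, host .103 as in the question.
    blocks = phase2_networks_excluding("203.0.113.0/24", "203.0.113.103")
    for block in blocks:
        print(block)
    print("entries:", len(blocks))
    print(".103 still selected:", covers(blocks, "203.0.113.103"))
```

For a single host in a /24 this yields eight blocks, one per prefix length from /25 to /32, so the split is exact but adds eight selectors in place of one.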

 

 
