On Wed, Sep 16, 2015 at 1:39 AM, Andrej Ferčič [PCklinika] <[email protected]> wrote:
>
> Hello!
>
> I am sure that this issue has been already discussed, but I cannot find
> any archive. So, please give me some directions where to search or any link
> to thread containing the following:
>
> 1. Is there any routing through IPSec VPN possible? (IpSec is solved in
> kernel as I know)
> 2. How to use OpenVPN to route a specific traffic through VPN? Let me
> explain what I want to solve:
>
>
> Site A (branch office) <> IPSec <> Site B (main office)
>
>
> Site A has two WANs. First, let's name it WAN1 is for all Internet access,
> WAN2 is dedicated for some special services and uses private IPs
> 172.x.x.x/16
>
> From main office (Site B) is this special service reachable, but I should
> reach this WAN2 network, from my branch offices to (Site A)
>
> Has anybody any idea how to solve this with current IPSec VPNs or
> changing to OpenVPN if first is no go ?!
>
> Thanks,
>
> Andrej


I would use OpenVPN unless you need IPSec for any specific reason.  I have
read a few posts to this list where others are having trouble with IPSec
VPNs in the current and some past releases (pfsense).

These two VPN services are more than adequate to achieve what you would
like to do.

The concept is:

Site A has an OpenVPN server setup.
-This server has a rule (definable in the web interface) that says it has
access to and therefore can route, and will route, traffic addressed to
Site B.

Site B has an OpenVPN client setup that connects to Site A.
-This client has a rule (definable in the web interface) that says that it
has access to and therefore can route, and will route, traffic addressed to
Site A.

I suggest that both networks use different subnets and that you use the TUN
method in OpenVPN.

TUN transports layer 3.

TAP transports layer 2.

Another choice you have to make is UDP vs TCP.  You can get some guidance
here:
https://www.bestvpn.com/blog/7359/openvpn-tcp-vs-udp-difference-choose/

If you use UDP, you should make sure to set up a tls-auth key (really for TCP
too) as OpenVPN will drop any UDP packets without that authentication
method.

Good Luck.

It is fairly basic but I am sure you will have to play with the
configuration on both sides to figure it out.  I think pfSense has a wizard
that will help you too.  Here is a guide also:
https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site


Web...
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
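
The setup described in the reply above (Site A as OpenVPN server, Site B as client, TUN over UDP with a tls-auth key, each side routing to the other's subnet), written out as plain OpenVPN configuration files. This is an added example, not part of the original thread and not pfSense's generated config; the LAN subnets, tunnel addresses, host name and file names are assumptions.

```conf
# ---- site-a.conf : Site A, OpenVPN server side ----
# Assumed addressing: Site A LAN 192.168.10.0/24, Site B LAN 192.168.20.0/24,
# tunnel endpoints 10.8.0.1 (A) and 10.8.0.2 (B). The two LANs must not overlap.
# Layer 3 tunnel, as recommended in the reply
dev tun
proto udp
port 1194
tls-server
# Local tunnel address, then the peer's tunnel address
ifconfig 10.8.0.1 10.8.0.2
# Traffic addressed to the Site B LAN goes into the tunnel
route 192.168.20.0 255.255.255.0
ca ca.crt
cert site-a.crt
key site-a.key
dh dh.pem
# Shared HMAC key for control-channel packets; packets without a valid
# HMAC are dropped before any TLS processing. Direction 0 on the server.
tls-auth ta.key 0
keepalive 10 60
persist-key
persist-tun

# ---- site-b.conf : Site B, OpenVPN client side ----
dev tun
proto udp
# Assumed public name of Site A
remote site-a.example.net 1194
tls-client
ifconfig 10.8.0.2 10.8.0.1
# Traffic addressed to the Site A LAN goes into the tunnel
route 192.168.10.0 255.255.255.0
ca ca.crt
cert site-b.crt
key site-b.key
# Only accept a peer certificate issued for server use
remote-cert-tls server
# Same ta.key file as Site A, opposite direction
tls-auth ta.key 1
keepalive 10 60
persist-key
persist-tun
```

The same `ta.key` file has to be copied to both sites over a trusted channel, and the firewall rules on each side still decide which hosts may actually use the routed path.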
