Hello, bonjour,

I have some "Simple" IPv4 tunnels (IKEv1) to customers here, 3 are already running. Our LAN: 192.168.1.0/24, WAN IP address 80.254.x.y.

The already working tunnels have a Phase 2 setup similar to:

- Local Network: LAN Subnet
- NAT/BINAT: Type Network, Address 192.168.10.0/24
- Remote Network: Type Network, Address 10.116.0.0/16

I now have to add a new tunnel, but this time and for the first time the Remote Network Address is using public IP ranges. Current Phase 2 setup:

- Local Network: WAN Subnet
- no NAT/BINAT
- Remote Network: Type Network, Address 159.16x.y.z/30

IPsec connection status for Phase 1 and Phase 2 is fine, everything works as planned when testing from the router itself (when connected via ssh to the pfSense system, I can ping one remote target IP as 159.16x.y.7).

But the only issue is that I cannot access the target range 159.16x.y.z/30 from our LAN (192.168.1.0/24).

I tried changing the Phase 2 settings, but with anything else the tunnel will not work. And if I set "LAN subnet" as NAT/BINAT network, it seems to be ignored and will not be saved.

I also thought about adding a static route, but it's not possible to select a tunnel as a gateway, so is it the right place to do this?

So how could I route these packets to 159.16x.y.z/30 over the tunnel instead of directly over our gateway?

Any hint would be very welcome as I am not very experienced with IPsec topics.

Merci & kind regards,
Olivier

PS: I originally posted this in the forum under https://forum.pfsense.org/index.php?topic=111512.0, so of course I will repost any update/solution there too, sorry for any inconvenience.
