On 10 February 2018 at 11:11, Chris L <[email protected]> wrote:

> > On Feb 9, 2018, at 5:25 AM, Mark Wiater <[email protected]> wrote:
> >
> > In my experience, one does not see routes in the routing table for IPSEC
> > based routes.
> >
> > IPSEC tunneling, I believe, happens before any NATting might. This might
> > be why you're seeing your traffic exit the default gateway since it still
> > possesses its original IP addresses. I'm not sure what you are trying to
> > achieve is possible on the same device, unless you do some kind of NAT on
> > the incoming interface if that's possible.
> >
> > Seeing actual configuration files might be helpful. So would the results
> > of packet capture on both IPSEC interfaces.
>
> IPsec “routes” do not appear in the routing table. They are installed in
> the kernel as traffic selectors. Status > IPsec, SPDs.
h, I see them there now.

> If you are policy routing on the 192.168.110.130 interface you will need
> to bypass that with a pass rule to the other side (the Remote Network in
> the Phase 2) with no gateway set.

The pass rule, how do I set that with no gateway?

> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
