On 10 February 2018 at 11:11, Chris L <c...@viptalk.net> wrote:

>
> > On Feb 9, 2018, at 5:25 AM, Mark Wiater <mark.wia...@greybeam.com>
> wrote:
> >
> > In my experience, one does not see routes in the routing table for IPSEC
> based routes.
> >
> > IPSEC tunneling, I believe, happens before any NATting might. This might
> be why you're seeing your traffic exit the default gateway since it still
> possesses its original IP addresses. I'm not sure what you are trying to
> achieve is possible on the same device, unless you do some kind of NAT on
> the incoming interface if that's possible.
> >
> > Seeing actual configuration files might be helpful. So would the results
> of packet capture on both IPSEC interfaces.
> >
>
> IPsec “routes” do not appear in the routing table. They are installed in
> the kernel as traffic selectors. Status > IPsec, SPDs.
>

h, I see them there now.


>
> If you are policy routing on the 192.168.110.130 interface you will need
> to bypass that with a pass rule to the other side (the Remote Network in
> the Phase 2) with no gateway set.
>

The pass rule, how do I set that with no gateway?


>
>
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
