RE: [pfSense-discussion] IPsec tunnel to a transparent bridge
Just as an FYI and to give the creative juices something to consider :-). Other firewall solutions terminate IPsec on a Layer 2 firewall by configuring the tunnel endpoint address on the device as a Cisco-style 'loopback' interface. As you can imagine, this has a lot of advantages.

-----Original Message-----
From: Eugen Leitl [mailto:[EMAIL PROTECTED]]
Sent: 05 October 2008 10:32
To: discussion@pfsense.com
Subject: [pfSense-discussion] IPsec tunnel to a transparent bridge

> Almost a year ago, Chris Buechler told me
> http://www.mail-archive.com/discussion@pfsense.com/msg02426.html
>
> > In a transparent bridge setup, the gateway of the hosts on the bridge isn't going to be pfsense, it'll be something on the outside interface. If you have a routed subnet setup on an OPT interface this will work fine.
>
> Unfortunately, I have only WAN and LAN.
>
> a) Is there a way to set up a routed subnet via Virtual IPs?
> b) Assuming yes, how do I do that?
>
> --
> Eugen* Leitl leitl http://leitl.org
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[pfSense-discussion] IPsec tunnel to a transparent bridge
Almost a year ago, Chris Buechler told me
http://www.mail-archive.com/discussion@pfsense.com/msg02426.html

> In a transparent bridge setup, the gateway of the hosts on the bridge isn't going to be pfsense, it'll be something on the outside interface. If you have a routed subnet setup on an OPT interface this will work fine.

Unfortunately, I have only WAN and LAN.

a) Is there a way to set up a routed subnet via Virtual IPs?
b) Assuming yes, how do I do that?

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[pfSense-discussion] IPsec tunnel to a transparent bridge
I used to have a nice pre-shared key IPsec tunnel between two m0n0walls/pfSenses, running in NAT. Worked very nicely.

However, I now have a transparent bridge with a public /24 network, and whenever I activate the tunnel I no longer can ping any host on the network (the firewall included) from inside my home firewall (NATted).

Is there a trick to it, or does this configuration simply not work?

Thanks,

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: [pfSense-discussion] IPsec tunnel to a transparent bridge
Eugen Leitl wrote:
> I used to have a nice pre-shared key IPsec tunnel between two m0n0walls/pfSenses, running in NAT. Worked very nicely.
>
> However, I now have a transparent bridge with a public /24 network, and whenever I activate the tunnel I no longer can ping any host on the network (the firewall included) from inside my home firewall (NATted).
>
> Is there a trick to it, or does this configuration simply not work?

In a transparent bridge setup, the gateway of the hosts on the bridge isn't going to be pfsense, it'll be something on the outside interface. If you have a routed subnet setup on an OPT interface this will work fine.
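The failure Chris describes is an asymmetric-routing problem: the encrypted echo request still reaches the hosts on the public /24, but their echo replies go to their default gateway, which in bridge mode is the upstream router rather than the IPsec endpoint, so the replies never meet the tunnel's security policy. The following Python model is an added illustration, not code from this thread or from pfSense; every address is constructed from documentation and RFC 1918 ranges, and the SPD lookup and the two gateway behaviours are deliberately simplified assumptions about how policy-based IPsec forwarding works.

```python
"""Trace why a policy-based IPsec tunnel breaks when the tunnel box is a
transparent bridge instead of the hosts' default gateway.

Constructed example: addresses are documentation / RFC 1918 ranges and the
gateway behaviour is a simplified model, not pfSense's real forwarding code.
"""
from ipaddress import IPv4Address, ip_address, ip_network

# Constructed topology: a public /24 behind the bridge, a NATted home LAN
# on the far end of the tunnel, and the tunnel policy (SPD) on the pfSense box.
PUBLIC_LAN = ip_network("203.0.113.0/24")   # public subnet on the bridge
HOME_LAN = ip_network("192.168.10.0/24")    # private home LAN behind NAT
SPD = [(PUBLIC_LAN, HOME_LAN), (HOME_LAN, PUBLIC_LAN)]  # traffic that must be encrypted

# The upstream ISP router has no IPsec policy and no route for private space.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def spd_match(src: IPv4Address, dst: IPv4Address) -> bool:
    """True if a packet src->dst is selected by one of the tunnel's policies."""
    return any(src in s and dst in d for s, d in SPD)


def pfsense_forward(src: IPv4Address, dst: IPv4Address) -> str:
    """pfSense consults its SPD for every packet it routes at layer 3."""
    if spd_match(src, dst):
        return "encrypted into tunnel"
    return "forwarded in the clear"


def upstream_forward(src: IPv4Address, dst: IPv4Address) -> str:
    """The ISP router holds no SPD; private destinations have no route."""
    if any(dst in net for net in RFC1918):
        return "dropped: private destination, no route"
    return "forwarded to the Internet in the clear"


# Which device is the default gateway for hosts on the public /24.
# In bridge mode pfSense only switches the frame at layer 2 towards the
# upstream router's MAC; the SPD is consulted on the layer-3 forwarding path.
TOPOLOGIES = {
    "transparent_bridge": upstream_forward,  # gateway is the upstream router
    "routed_opt_subnet": pfsense_forward,    # gateway is pfSense itself
}


def trace_echo_reply(topology: str, host: str = "203.0.113.10",
                     peer: str = "192.168.10.5") -> str:
    """Follow the ICMP echo reply a host on the /24 sends to the home peer.

    The echo request arrives fine in both topologies (pfSense decrypts it and
    bridges or routes it to the host); the reply is where the two differ.
    """
    src, dst = ip_address(host), ip_address(peer)
    gateway = TOPOLOGIES[topology]
    return gateway(src, dst)


def ping_succeeds(topology: str) -> bool:
    """The round trip works only if the reply re-enters the tunnel."""
    return trace_echo_reply(topology) == "encrypted into tunnel"


if __name__ == "__main__":
    for topo in TOPOLOGIES:
        print(f"{topo:20s} reply -> {trace_echo_reply(topo)}; ping ok: {ping_succeeds(topo)}")
```

Run it with `python3` to see the two outcomes side by side. On the box itself, the equivalent check on a FreeBSD-based pfSense of that era is to dump the security policy database (`setkey -DP`) and confirm that the reply traffic from the /24 actually traverses the host holding those policies; on a bridge it does not, which is why moving the subnet to a routed OPT interface (so pfSense becomes the gateway) fixes it.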
Re: [pfSense-discussion] IPsec tunnel to a transparent bridge
On Tue, Nov 06, 2007 at 10:59:25AM -0500, Chris Buechler wrote:
> In a transparent bridge setup, the gateway of the hosts on the bridge isn't going to be pfsense, it'll be something on the outside interface. If you have a routed subnet setup on an OPT interface this will work fine.

Alas, the box has only two NICs. Is there something which would work with VIPs/VLANs?

I also seem to have fried one of the mini-ITX C3 boards in my Travla C147 case (apparently, inserting a VGA cable with a few bent pins can do that to you). I was thinking about getting a Jetway C7 board with a 4-NIC daughtercard, but I'm not at all sure it would fit. http://www.mini-itx.com/store/?c=3 says Jetway C7 boards will fit, but backplates are not available...

Anyone tried fitting Jetway C7 boards in there? Did it work?

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE