Topic: Ipsec bridged vpn ?
jonny@aalgaard.org
« on: March 15, 2011, 03:07:22 am »

Does anyone know if it is possible to make a bridged IPsec VPN? I need to check this out because I am running VMware at 2 different locations, and for failover it would be great to use both VMware farms to run each other's virtual machines. Therefore I have played with the idea of using the same subnet at both locations. I know there is an option for running a bridged VPN with SonicWall, but I prefer pfSense as I think it is better.
Also, would it be possible to broadcast NetBIOS over an IPsec VPN? I would be grateful for any help.
jimp
« Reply #1 on: March 15, 2011, 12:29:18 pm »

It can be done, but it isn't just IPsec. You can set up IPsec in transport mode between the WAN IPs of the hosts, to secure communications between them, and then add a GIF tunnel to connect and pass traffic between the routers, and you can bridge the GIF interface to LAN.

It works, but I would try to avoid bridging wherever possible.
Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

jonny@aalgaard.org
« Reply #2 on: March 16, 2011, 10:39:13 am »

Thanks Jimp!
What is GIF? I cannot find GIF anyplace in my firewall. I am using version 1.2.3-release. Do I need to upgrade my version or download a specific package for getting the GIF opportunity?
Regards
jimp
« Reply #3 on: March 16, 2011, 10:40:02 am »

It's a type of tunneling interface.

It's only on 2.0.
jonny@aalgaard.org
« Reply #4 on: March 16, 2011, 10:51:00 am »

Thanks again!
I will download 2.0 and try it.
nooblet
« Reply #5 on: March 29, 2011, 10:18:53 am »

Hi....I'm trying to do the same thing for testing/experimentation purposes...
I have set up the IPsec in transport mode. I think I am having trouble with the GIF/bridging piece of it.

Hopefully someone can help me shed some light on where I am going wrong....my desired end result is a LAN at layer 2 stretched across the WAN (while being secure)

Right now I cannot ping any hosts on the opposite end of the tunnel

Below is my config...let me know if you need to see more....all firewall rules for all interfaces except wan are */any

I should also note that both of these pfSense machines are on VMware ESXi boxes...

Pfsense1

Pfsense2

Thanks for any help!
nooblet
« Reply #6 on: March 29, 2011, 11:51:04 am »

Ok...so this config DOES actually work...I had to set my VMware adapter to 'allow promiscuous mode' (doh). Now I can ping hosts on both sides.

Hope this helps anyone with a similar issue!
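
The setup from Reply #1 (IPsec transport mode between the WAN addresses, a GIF tunnel, and the GIF interface bridged to LAN), written out as FreeBSD commands for both ends. This is an added example, not part of the thread and not the posters' configuration; the addresses (documentation ranges), the interface names em1, gif0 and bridge0, and the function names are assumptions, and the script only prints the commands.

```shell
#!/bin/sh
# Dry run: prints the FreeBSD commands for each end, never executes them.
# Constructed values: RFC 5737 addresses for the two WAN IPs, em1 as LAN NIC.
A_WAN=198.51.100.1
B_WAN=203.0.113.1
LAN_IF=em1

# spd_lines LOCAL REMOTE: setkey(8) policy requiring ESP in transport mode
# for everything exchanged between the two WAN addresses. The SAs (keys)
# come from IKE or manual "add" entries, which are not shown here.
spd_lines() {
    printf 'spdadd %s/32 %s/32 any -P out ipsec esp/transport//require;\n' "$1" "$2"
    printf 'spdadd %s/32 %s/32 any -P in ipsec esp/transport//require;\n' "$2" "$1"
}

# if_lines LOCAL REMOTE LAN_IF: GIF tunnel between the WAN addresses, then a
# bridge joining the GIF interface to the LAN NIC. On ESXi the LAN port group
# must allow promiscuous mode (Reply #6), because the bridge handles frames
# for MAC addresses other than the VM's own.
if_lines() {
    printf 'ifconfig gif0 create\n'
    printf 'ifconfig gif0 tunnel %s %s\n' "$1" "$2"
    printf 'ifconfig gif0 up\n'
    printf 'ifconfig bridge0 create\n'
    printf 'ifconfig bridge0 addm %s addm gif0 up\n' "$3"
}

# render_end NAME LOCAL REMOTE LAN_IF: full listing for one firewall.
render_end() {
    [ "$2" != "$3" ] || { echo "local and remote WAN must differ" >&2; return 1; }
    printf '# --- %s ---\n' "$1"
    spd_lines "$2" "$3"
    if_lines "$2" "$3" "$4"
}

# Each end's "out" policy is the other end's "in" policy, and the tunnel
# endpoints are swapped; a mismatch here means traffic is silently dropped.
render_end Pfsense1 "$A_WAN" "$B_WAN" "$LAN_IF"
render_end Pfsense2 "$B_WAN" "$A_WAN" "$LAN_IF"
```

With `require` in the policy, a capture on WAN between the two addresses should show only ESP and IKE traffic once the tunnel is up.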