
Author Topic: Static route to overlapping IPSEC subnet  (Read 149 times)


Offline Fred9176

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
Static route to overlapping IPSEC subnet
« on: December 21, 2017, 09:53:48 am »

I have a working instance of pfSense 2.4.2 with the following setup:

- LAN is on (pfsense is
- I have an IPSEC tunnel through WAN with remote subnet which works fine
- The LAN network has another router on

I need to access a network through this second router. This network is (overlapping with IPSec remote subnet).

On a server in the LAN network (with default gateway set to pfsense (, if I add a route to via (other router), it works fine.

But when I add this static route in pfSense, I can't access this subnetwork. It seems, looking in Diagnostic/States, that it sends packets through the IPSec interface instead of LAN.

I also tried to specify a gateway in firewall rules for this subnet without success.

Is there any way to achieve this setup?

Thank you very much for your help.



Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 10025
  • Karma: +1136/-312
Re: Static route to overlapping IPSEC subnet
« Reply #1 on: December 21, 2017, 12:00:46 pm »
It might work if you use policy-based routing for the destination on the LAN interface, bypassing IPsec.

It's a big might.

It sounds like you tried that though. You might want to post what you've tried because, at a minimum, that should at least send the traffic out the correct gateway instead of IPsec.

That's why it is not recommended you configure large swaths of space like anywhere. Running into conflicts with other sites is pretty much inevitable when you do that.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
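The conflict described in this thread (a static route whose destination sits inside an IPsec Phase 2 remote subnet, so the tunnel policy claims the traffic before the route is consulted) is easy to catch before committing a config change. The following is an added example, not code from the thread, from pfSense or from Netgate: a small pre-check that compares a list of static routes against the IPsec remote networks and reports every overlap. The addresses are constructed placeholders, since the thread's own prefixes did not survive on the page; the route and tunnel lists are assumed to be pasted in from the pfSense GUI or `config.xml`.

```python
"""Pre-check: do any static route destinations overlap IPsec Phase 2 remote subnets?

Added example for the forum thread above; not pfSense or Netgate code.
All prefixes and gateways below are constructed placeholders (assumption),
standing in for the values the original poster had.
"""
import ipaddress
from typing import Iterable, List, Tuple

# Constructed sample IPsec Phase 2 remote networks, one per tunnel (assumption).
IPSEC_REMOTE_NETS = ["10.20.0.0/16"]

# Constructed sample static routes as (destination, gateway on LAN).
STATIC_ROUTES = [
    ("10.20.5.0/24", "192.168.1.254"),   # inside the tunnel subnet: conflicts
    ("172.16.0.0/24", "192.168.1.254"),  # unrelated: no conflict
]


def route_conflicts(routes: Iterable[Tuple[str, str]],
                    ipsec_nets: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (route destination, gateway, IPsec remote subnet) for every
    static route whose destination overlaps an IPsec Phase 2 remote network.

    Overlap is checked in both directions: a route carved out of a tunnel
    subnet (the thread's case) and a route that is a supernet of one. Only
    same-address-family pairs are compared.
    """
    conflicts = []
    for dest, gw in routes:
        d = ipaddress.ip_network(dest, strict=False)
        for net in ipsec_nets:
            n = ipaddress.ip_network(net, strict=False)
            if d.version == n.version and d.overlaps(n):
                conflicts.append((str(d), gw, str(n)))
    return conflicts


def main() -> None:
    found = route_conflicts(STATIC_ROUTES, IPSEC_REMOTE_NETS)
    if not found:
        print("No static route overlaps an IPsec remote subnet.")
    for dest, gw, net in found:
        # The tunnel policy, not the routing table, will decide this traffic.
        print(f"CONFLICT: route {dest} via {gw} overlaps IPsec remote {net}")


if __name__ == "__main__":
    main()
```

Running it with the constructed lists flags the `10.20.5.0/24` route and leaves `172.16.0.0/24` alone. The same check, pointed at the real Phase 2 definitions, is the cheap way to follow the moderator's advice: the wider a tunnel's remote subnet, the more likely a later static route or second site lands inside it.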