Author Topic: Ipsec bridged vpn ?  (Read 2425 times)

jonny@aalgaard.org
Ipsec bridged vpn ?
« on: March 15, 2011, 03:07:22 am »
Does anyone know if it is possible to make a bridged IPsec VPN? I need to check this out because I am running VMware at 2 different locations, and for failover it would be great to use both VMware farms to run each other's virtual machines. Therefore I have played with the idea of using the same subnet at both locations. I know there is an option for running a bridged VPN with SonicWall, but I prefer pfSense as I think it is better.
Also, would it be possible to broadcast NetBIOS over an IPsec VPN? I would be grateful for any help.

jimp (Administrator)
Re: Ipsec bridged vpn ?
« Reply #1 on: March 15, 2011, 12:29:18 pm »
It can be done, but it isn't just IPsec. You can set up IPsec in transport mode between the WAN IPs of the hosts, to secure communications between them, and then add a GIF tunnel to connect and pass traffic between the routers, and you can bridge the GIF interface to LAN.

It works, but I would try to avoid bridging wherever possible.
Co-Author of pfSense: The Definitive Guide.

jonny@aalgaard.org
Re: Ipsec bridged vpn ?
« Reply #2 on: March 16, 2011, 10:39:13 am »
Thanks, Jimp!
What is GIF? I cannot find GIF anyplace in my firewall. I am using version 1.2.3-release. Do I need to upgrade my version or download a specific package for getting the GIF opportunity?
Regards

jimp (Administrator)
Re: Ipsec bridged vpn ?
« Reply #3 on: March 16, 2011, 10:40:02 am »
It's a type of tunneling interface.

It's only on 2.0.

jonny@aalgaard.org
Re: Ipsec bridged vpn ?
« Reply #4 on: March 16, 2011, 10:51:00 am »
Thanks again!
I will download 2.0 and try it.

nooblet
Re: Ipsec bridged vpn ?
« Reply #5 on: March 29, 2011, 10:18:53 am »
Hi... I'm trying to do the same thing for testing/experimentation purposes...
I have set up IPsec in transport mode; I think I am having trouble with the GIF/bridging piece of it.

Hopefully someone can help me shed some light on where I am going wrong... my desired end result is a LAN at layer 2 stretched across the WAN (while being secure).

Right now I cannot ping any hosts on the opposite end of the tunnel.

Below is my config... let me know if you need to see more... all firewall rules for all interfaces except WAN are */any.

I should also note that both of these pfSense machines are on VMware ESXi boxes...

Pfsense1








Pfsense2





Thanks for any help!

nooblet
Re: Ipsec bridged vpn ?
« Reply #6 on: March 29, 2011, 11:51:04 am »
OK... so this config DOES actually work... I had to set my VMware adapter to 'allow promiscuous mode' (doh); now I can ping hosts on both sides.

Hope this helps anyone with a similar issue!