On 2015-Mar-09, at 2:56 AM, Brian Candler <[email protected]> wrote:
> On 09/03/2015 09:51, Bryan D. wrote:
>> So it sounds like the IPsec and OpenVPN traffic would be such traffic?
> IPSEC traffic is addressed *to* the firewall (at least the IKE stuff on udp
> 500 is, since it is received by strongswan/racoon)
>
> But the firewall already has a public IP address for IPSec.
>
> Are you saying you want different clients' IPSEC tunnels to terminate on
> different public IP addresses on the firewall WAN side? That I've never
> tried, and I don't know if it's possible.

Nope, it's a fully functioning setup (has been, in this form, for a few years) ... just wanted to switch off CARP VIPs since I'm not using failover. The only question is why won't IP Alias VIPs replace the CARP VIPs?

I can give more detail about things, but the failure mode involves a pretty straightforward setup:

  server on LAN <--> NAT <--> WAN + VIPs <--> port-forward <--> Internet
  VPN on pfSense (IPsec & OpenVPN) <--> WAN + 1 VIP <--> Internet
