Route the same LAN network through IPSec

This forum is intended to provide straightforward answers for people trying to use Open Source firewalls such as the pfSense® and OPNsense® firewall systems.

Moderator: gregober

JonPre
Posts: 4
Joined: Fri Jun 19, 2020 5:12 pm

Route the same LAN network through IPSec

Post by JonPre » Wed Sep 23, 2020 4:07 pm

Hello team,

I would like to know if it is possible to do the scheme in the attachment?
[Attachment: Schema W3COM AZURE ORANGE.jpg]
The idea is to enable the communication between 10.1.1.4 and 10.254.254.2 by using the intermediate gateway 10.1.1.62.

I know it's unusual but it's a necessity.

Thanks for your help.
gregober
Posts: 89
Joined: Tue Mar 26, 2019 2:06 pm

Re: Route the same LAN network through IPSec

Post by gregober » Fri Sep 25, 2020 10:50 am

Hello Jon,

Yes, I think it is possible to do that without any problem.

You probably will have to go through the details of the configuration of IPsec proposed by Microsoft.
This seems to be detailed here : https://docs.microsoft.com/fr-fr/azure/ ... ger-portal

It looks like they are using the following :
  • For phase one :
    • Key exchange : auto
    • Remote GW : depending on your location
    • Authentication mode : Mutual PSK
    • Negotiation mode : Main
    • My ID : My IP
    • Peer ID : Peer IP
    • Encryption P1 : AES 256 - SHA256 - DH Group 2
  • For phase two :
    • List remote network
    • Also in AES 256
    • List local network

You'll need to add the right FW rules in order to secure all this…
But basically this should do it !
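Added example (not code from either poster): the scheme in the first post only works if the host 10.1.1.4 actually sends Azure-bound traffic to 10.1.1.62 rather than its usual default gateway, and if the phase-2 selectors on the IPsec box cover that source/destination pair. The script below models both lookups (the host's longest-prefix route match and the kernel SPD match) and also flags legacy choices in the proposal gregober quotes. Everything beyond the addresses named in the thread is an assumption for illustration: the pfSense LAN is taken to be 10.1.1.0/26, the host's default gateway 10.1.1.1, and the Azure prefix 10.254.254.0/24.

```python
"""Added example, not from the thread: check the 10.1.1.4 -> 10.254.254.2 path
through the intermediate IPsec gateway 10.1.1.62 before touching the firewall.
Assumed for illustration: LAN 10.1.1.0/26, default gateway 10.1.1.1,
Azure prefix 10.254.254.0/24."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence

IPv4Net = ipaddress.IPv4Network
IPv4Addr = ipaddress.IPv4Address


@dataclass(frozen=True)
class Route:
    prefix: IPv4Net
    next_hop: IPv4Addr


@dataclass(frozen=True)
class Phase2:
    local: IPv4Net   # "local network" of the phase-2 entry (pfSense side)
    remote: IPv4Net  # "remote network" of the phase-2 entry (Azure side)


@dataclass(frozen=True)
class Proposal:
    encryption: str
    integrity: str
    dh_group: int


def next_hop(table: Sequence[Route], dst: str) -> Optional[IPv4Addr]:
    """Longest-prefix match, as the host's kernel does it."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in table if addr in r.prefix),
               key=lambda r: r.prefix.prefixlen, default=None)
    return best.next_hop if best else None


def phase2_for(spd: Sequence[Phase2], src: str, dst: str) -> Optional[Phase2]:
    """First phase-2 entry whose selectors cover src -> dst (SPD lookup)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return next((p for p in spd if s in p.local and d in p.remote), None)


def trace(table: Sequence[Route], spd: Sequence[Phase2], ipsec_gw: str,
          src: str, dst: str) -> str:
    """Explain where a packet from src to dst ends up."""
    gw = next_hop(table, dst)
    if gw is None:
        return "no route"
    if gw != ipaddress.ip_address(ipsec_gw):
        return f"bypasses tunnel via {gw}"
    if phase2_for(spd, src, dst) is None:
        return "dropped: no phase-2 selector matches"
    return "tunneled"


WEAK_CIPHERS = {"des", "3des", "blowfish", "cast128"}
WEAK_INTEGRITY = {"md5", "sha1"}
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096}


def proposal_warnings(p: Proposal) -> List[str]:
    """Flag legacy choices in a phase-1 proposal (AES-256/SHA-256/DH group 2 above)."""
    out: List[str] = []
    if p.encryption.lower() in WEAK_CIPHERS:
        out.append(f"weak cipher {p.encryption}")
    if p.integrity.lower() in WEAK_INTEGRITY:
        out.append(f"weak integrity algorithm {p.integrity}")
    bits = MODP_BITS.get(p.dh_group)
    if bits is not None and bits < 2048:
        out.append(f"DH group {p.dh_group} is {bits}-bit MODP; prefer group 14 or higher")
    return out


# Constructed sample data following the thread's diagram (prefixes assumed).
IPSEC_GW = "10.1.1.62"
HOST_TABLE = [
    Route(IPv4Net("0.0.0.0/0"), IPv4Addr("10.1.1.1")),       # assumed default gateway
    Route(IPv4Net("10.254.254.0/24"), IPv4Addr(IPSEC_GW)),  # static route via the IPsec box
]
HOST_TABLE_NO_STATIC = HOST_TABLE[:1]                       # host without the static route
SPD = [Phase2(IPv4Net("10.1.1.0/26"), IPv4Net("10.254.254.0/24"))]
AZURE_PROPOSAL = Proposal("aes256", "sha256", 2)            # as listed in the reply above

if __name__ == "__main__":
    print(trace(HOST_TABLE, SPD, IPSEC_GW, "10.1.1.4", "10.254.254.2"))
    print(trace(HOST_TABLE_NO_STATIC, SPD, IPSEC_GW, "10.1.1.4", "10.254.254.2"))
    for w in proposal_warnings(AZURE_PROPOSAL):
        print("warning:", w)
```

The second `trace` call shows the failure mode behind the "same LAN" question: without a static route on the host (or a redirect from the real LAN gateway), the packet goes to 10.1.1.1 and never reaches the tunnel. The proposal check flags DH group 2, which is 1024-bit MODP; where both ends allow it, group 14 or an ECP group is the better choice even though the quoted Microsoft guidance lists group 2.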