Route the same LAN network through IPSec

This forum is intended to provide straightforward answers for people trying to use DynFi Firewall Open Source firewalls.
We might also try to answer questions related to competitors firewall such as pfSense® and OPNsense® systems.

Moderator: gregober

Post Reply
User avatar
JonPre
Posts: 4
Joined: 19 Jun 2020, 19:12

Route the same LAN network through IPSec

Post by JonPre » 23 Sep 2020, 18:07

Hello team,

I would like to know if it's possible to do the scheme in attach?
Schema W3COM AZURE ORANGE.jpg
The idea is to enable the communication between 10.1.1.4 and 10.254.254.2 by using the intermediate gateway 10.1.1.62.

I know it's unusual but it's a necessity.

Thanks for your help.
User avatar
gregober
Posts: 236
Joined: 26 Mar 2019, 15:06

Re: Route the same LAN network through IPSec

Post by gregober » 25 Sep 2020, 12:50

Hello Jon,

Yes, I think It is possible to do that without any problem.

You probably will have to go through the details of the configuration of IPsec proposed by Microsoft.
This seems to be detailed here : https://docs.microsoft.com/fr-fr/azure/ ... ger-portal

It looks like they are using the following :
  • For phase one :
    • Key exchange : auto
    • Remote GW : depending on your location
    • Authentication mode : Mutual PSK
    • Negociation mode : Main
    • My ID : My IP
    • Peer ID : Peer IP
    • Encryption P1 : AES 256 - SHA256 - DH Group 2
  • For phase two :
    • List remote network
    • Also in AES 256
    • List local network

You'll need to add the right FW rules in order to secure all this…
But basically this should do it !
Post Reply