EFW Support

Support => VPN Support => Topic started by: tab on Tuesday 05 June 2012, 02:18:26 pm



Title: 2 Office IPSEC
Post by: tab on Tuesday 05 June 2012, 02:18:26 pm
Hello.

We have 2 office, efw 2.5.1 and IPSEC tunnel between. How to send all traffic into IPSEC tunnel from second office? We need send all traffic from PC_2 into IPSEC tunnel to MAIN_OFFICE:

PC_1---GREEN-LAN---MAIN_OFFICE =====IPSEC=====SECOND_OFFICE ---GREEN-LAN---PC_2

thx for help.


Title: Re: 2 Office IPSEC
Post by: hinge on Wednesday 06 June 2012, 11:01:46 am
Can you try this..  ;D ;D ;D https://endian.zendesk.com/entries/20059443-ssl-vpn-how-to-create-a-net (https://endian.zendesk.com/entries/20059443-ssl-vpn-how-to-create-a-net)


Title: Re: 2 Office IPSEC
Post by: tab on Wednesday 06 June 2012, 12:27:53 pm
OpenVPN is not IPSEC  :-\


Title: Re: 2 Office IPSEC
Post by: hinge on Wednesday 06 June 2012, 12:52:35 pm
ok.. if ever try this.. https://endian.zendesk.com/entries/20059403-ipsec-vpn-how-to-create-a-net-to-net-connection-endian-to-endian (https://endian.zendesk.com/entries/20059403-ipsec-vpn-how-to-create-a-net-to-net-connection-endian-to-endian) if not can you try to GOOGLE.. ;)


Title: Re: 2 Office IPSEC
Post by: tab on Wednesday 06 June 2012, 01:13:06 pm
We ALREADY have IPSEC tunnel between MAIN_OFFICE and SECOND_OFFICE!

It's work fine, but when open browser or mail client on PC_2 all traffic goes through SECOND_OFFICE_EFW-->INTERNET.

We need this:
PC_2 --> SECOND_OFFICE_EFW --> IPSEC --> MAIN_OFFICE_EFW --> INTERNET

How to make it through the firewall or routing rules?


Title: Re: 2 Office IPSEC
Post by: trymes on Saturday 28 July 2012, 05:30:18 am
Perhaps I am missing something, but it sounds like your problem doesn't really involve IPSec, per se.

In other words, you can currently:
  • Connect to the internet from either site.
  • Communicate between the two sites via IPSec.

However, the issue you seem to be having is that you want to force all internet traffic from a specific device to travel across the IPSec tunnel and be sent out over the internet connection at the other site. Is that correct?

Tom


Title: Re: 2 Office IPSEC
Post by: trymes on Saturday 28 July 2012, 06:00:21 am
Also, if that is the case, then you likely can accomplish what you want via Policy Routing, which is located under "Network > Routing". Specify the source, the destination, and the service, and then how to route that traffic.

You would also use this feature to route traffic from certain computers/interfaces/subnets over a specific WAN uplink if you so desired.

Tom


Title: Re: 2 Office IPSEC
Post by: dda on Wednesday 15 August 2012, 04:47:48 am
Wouldn't a simple default gateway entry of the main office EFW machine solve this problem?