Project

General

Profile

Actions

Bug #9036

closed

The bypasslan feature should be configurable for any interface.

Added by NCATS LAB over 5 years ago. Updated over 5 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
10/11/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

In StrongSwan, the bypasslan feature is configurable for any interface.
However, in pfsense we are limited to only the interface labeled LAN.

This will force us to use route VTI, which we really don't want to use as:
1. Strongswan lists routevti and bypasslan as incompatible
2. We don't want to have to start carving out /30 subnets to make route based VPNs to work.

Please make bypasslan configurable for any interface.

Note: This seems to say bypasslan and route based lans are incompatible. Is this true for the pfsense implementation?
https://wiki.strongswan.org/projects/strongswan/wiki/Bypass-lan

Actions #1

Updated by Jim Pingle over 5 years ago

  • Status changed from New to Duplicate

Duplicate of #5826

Please post questions on the forum before opening issues, this isn't a site for discussion and support.

Actions #2

Updated by NCATS LAB over 5 years ago

Thank-you, it is not easy to find the correct/applicable entries in the forum.
I am not attempting dialogue so much as requesting udpates/changes.
1. Please make bypass LAN configurable for every interface.
2. Please provide documentation in the manual for the bypasslan/"route based VPN" incompatibility, if what I read on the StrongSwan site follows to PFSense.

Actions #3

Updated by NCATS LAB over 5 years ago

I see this was changed to Duplicate

Can we change it to feature request?

Actions #4

Updated by Jim Pingle over 5 years ago

It is a duplicate of issue #5826 which covers the same request.

Actions

Also available in: Atom PDF