Feasibility and Configuration for Routing WAN IP Block to Remote pfSense Site

Is it possible to route a WAN IP block from pfSense Site A to a device at Site B directly? I am looking for guidance on the feasibility and the necessary configurations to achieve this setup, as illustrated in the attached diagram.

I understand your question, but what are you exactly trying to accomplish with this?

Are you saying you want to route all traffic from one to another or route a service or something?

Maybe some more information could produce better solutions.

Why can’t you use a site-to-site VPN (WG, Tailscale, OpenVPN, IPSEC, etc.)?

Certainly, we have pfSense servers in a data center with blocks of static IPs that we want to pass through to our other data center directly onto the VMs via a tunnel, for example, for cPanel servers, etc.

Sounds like policy based routing would be something to look into. I haven’t done this yet, but it is on my short list.

I don’t know what this is called in pf, but for netfilter it is done with the connmark flag. This tag can be applied to the flow rather than individual packet, so “This permits routing of packets originating from different sources to different networks even when the destinations are the same and can be useful when interconnecting several private networks.” link

Ok thanks for this, I will look at it.

Assuming you have different IP space between data centers, you should be able to NAT your public IPs to the servers located at site B. Just make sure you have a route in place to send it across your IPSec tunnel between sites.
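As an added example that is not part of this thread and not pfSense's own code, the following Python script sanity-checks the plan Fred describes: 1:1 NAT of Site A's public block onto servers at Site B, plus a route across the site-to-site tunnel. It checks the three things that have to hold before such a setup can work: the two data centers use non-overlapping private space, every public address maps to exactly one Site B host, and each Site B target is covered by the tunnel's remote network (for a policy-based IPsec tunnel that remote network is what stands in for the "route"). All addresses, names and the plan layout are constructed for the example.

```python
"""Sanity check for NATing a public block from Site A to hosts at Site B over a tunnel.

Added example, not pfSense code. All addresses below are constructed (TEST-NET-3 and
RFC 1918 space) purely to illustrate the checks.
"""
import ipaddress
from typing import Dict, List


def check_plan(public_block: str,
               nat_map: Dict[str, str],
               site_a_lans: List[str],
               site_b_lans: List[str],
               tunnel_remote_selectors: List[str]) -> List[str]:
    """Return a list of problems; an empty list means the plan is consistent.

    public_block            Site A's routed public block (e.g. a /29).
    nat_map                 public IP -> private IP of the Site B host (1:1 NAT).
    site_a_lans/site_b_lans private networks in use at each data center.
    tunnel_remote_selectors networks reachable through the tunnel from Site A
                            (the IPsec phase 2 "remote network" entries, or the
                            routes pointing at a routed tunnel interface).
    """
    problems: List[str] = []
    block = ipaddress.ip_network(public_block)
    a_nets = [ipaddress.ip_network(n) for n in site_a_lans]
    b_nets = [ipaddress.ip_network(n) for n in site_b_lans]
    selectors = [ipaddress.ip_network(n) for n in tunnel_remote_selectors]

    # 1. "Different IP space between data centers": no Site A net may overlap a Site B net,
    #    otherwise the NAT target is ambiguous and the tunnel route collides with a local route.
    for a in a_nets:
        for b in b_nets:
            if a.overlaps(b):
                problems.append(f"site A {a} overlaps site B {b}")

    # 2. Every public IP must belong to the block, and each private host may be the
    #    target of only one public IP (1:1 NAT, not many-to-one).
    seen_private = set()
    for pub, priv in nat_map.items():
        p = ipaddress.ip_address(pub)
        q = ipaddress.ip_address(priv)
        if p not in block:
            problems.append(f"{pub} is outside {block}")
        if q in seen_private:
            problems.append(f"{priv} is the target of more than one public IP")
        seen_private.add(q)
        if not any(q in b for b in b_nets):
            problems.append(f"{priv} is not inside any site B network")
        # 3. "Make sure you have a route in place": the private target must be covered
        #    by something the tunnel actually carries, or the translated packet is
        #    sent out the default route instead of across the tunnel.
        if not any(q in s for s in selectors):
            problems.append(f"{priv} is not covered by the tunnel remote network(s)")
    return problems


def render_plan(nat_map: Dict[str, str], tunnel_remote_selectors: List[str]) -> List[str]:
    """Human-readable summary of what would be configured on the Site A firewall."""
    lines = [f"1:1 NAT  {pub:<16} -> {priv}" for pub, priv in nat_map.items()]
    lines += [f"route    {net:<16} via site-to-site tunnel" for net in tunnel_remote_selectors]
    return lines


# Constructed sample plan: a /29 at Site A, two cPanel-style VMs at Site B.
SAMPLE_PLAN = dict(
    public_block="203.0.113.0/29",
    nat_map={"203.0.113.1": "10.20.0.10", "203.0.113.2": "10.20.0.11"},
    site_a_lans=["10.10.0.0/24"],
    site_b_lans=["10.20.0.0/24"],
    tunnel_remote_selectors=["10.20.0.0/24"],
)

if __name__ == "__main__":
    for line in render_plan(SAMPLE_PLAN["nat_map"], SAMPLE_PLAN["tunnel_remote_selectors"]):
        print(line)
    issues = check_plan(**SAMPLE_PLAN)
    print("OK" if not issues else "\n".join("PROBLEM: " + i for i in issues))
```

Run it as-is to see the consistent sample pass; change `site_a_lans` to `10.20.0.0/24` or narrow the tunnel selector to `10.20.0.0/25` with a target outside that range to see the overlap and missing-route cases reported. The same three conditions are what to verify in the pfSense GUI before expecting return traffic from the Site B VM to come back through the tunnel.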

Hi Fred, do you think I can do it this way, and add the same private subnet (acting as a tunnel) on the DMZ interface on both sides?

Are you able to ping between the 2 sites today?

I haven’t set any IP on the DMZ interface for now. I want to know how to address it. I have never worked with a routed tunnel.

Do you currently have a VPN tunnel setup between the two sites?

Yup, but for other interfaces.