Routing specific traffic through vpn

ipsec pfsense routing vpn

I have a router-router IPsec VPN and am struggling to get a specific IP to go through the vpn instead of out to the internet. How does my router know whether to send traffic via the internet connection or through the vpn? The router on this side is running pfSense.

If I tracepath a local address on the vpn'd network it works and I get:

1:  localghost.local (10.44.35.103)                        0.109ms pmtu 1500
1:  router.office1.blah.co.uk (10.44.35.1)                 0.401ms 
1:  router.office1.blah.co.uk (10.44.35.1)                 0.379ms 
2:  213.123.59.222 (213.123.59.222)                       58.295ms 
3:  10.199.2.3 (10.199.2.3)                               49.900ms reached

where router.office1.blah.co.uk is on one side of the vpn and 213.123.59.222 on the other.

But when I try 171.28.18.50 it doesn't go down the vpn:

1:  localghost.local (10.44.35.103)                        0.117ms pmtu 1500
1:  router.office.blah.co.uk (10.44.35.1)                  0.415ms 
1:  router.office.blah.co.uk (10.44.35.1)                  0.385ms 
2:  router.office.blah.co.uk (10.44.35.1)                  0.414ms pmtu 1492
2:  lns3.uan.the.uk.murphx.net (94.30.127.74)             38.651ms 

Best Answer

How does my router know whether to send traffic via the internet connection or through the vpn?

With routes; you can do this from pfSense's Static Routes menu.

You need to have a route in place that tells your router where to forward packets to: either a host on the same network or another router that knows where to forward the packets to, and so on, until it reaches its destination.

However, 171.28.18.50 is not an RFC1918 private address, so unless this is just an example IP for ServerFault, you likely don't have a route for this on either router besides the default route, which would be your next-hop gateway given to you by your ISP.
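
The route selection described in the answer above, as an added example that is not part of the original answer or of pfSense: a simplified longest-prefix-match lookup in Python that also lists destinations expected on the VPN that would instead leave by another path. The table entries, the 10.199.2.0/24 remote subnet and the next-hop labels are assumptions; the two destination addresses are the ones from the question.

```python
import ipaddress

# Constructed routing table (assumption, not taken from either router).
ROUTES = [
    ("0.0.0.0/0", "wan"),       # default route: ISP next-hop gateway
    ("10.44.35.0/24", "lan"),   # local office network seen in the traces
    ("10.199.2.0/24", "vpn"),   # assumed remote subnet behind the tunnel
]

def build_table(routes):
    """Parse (prefix, next_hop) pairs into ip_network objects."""
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]

def lookup(table, dest):
    """Return (prefix, next_hop) of the most specific matching route."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None  # no route at all, not even a default
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), hop

def audit(table, must_use_vpn):
    """List destinations that are expected on the VPN but route elsewhere."""
    leaks = []
    for dest in must_use_vpn:
        result = lookup(table, dest)
        if result is None or result[1] != "vpn":
            leaks.append((dest, result))
    return leaks

if __name__ == "__main__":
    table = build_table(ROUTES)
    wanted = ["10.199.2.3", "171.28.18.50"]
    for dest in wanted:
        print(dest, "->", lookup(table, dest))
    print("not on vpn:", audit(table, wanted))

    # A more specific route wins over the default route.
    fixed = build_table(ROUTES + [("171.28.18.50/32", "vpn")])
    print("after adding a host route:", lookup(fixed, "171.28.18.50"))
    print("not on vpn:", audit(fixed, wanted))
```

With only the default route matching, 171.28.18.50 resolves to the WAN gateway, which is what the second tracepath in the question shows.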
