[SOLVED] Hub and Spoke with IKE Mobile
-
Hello, I can't seem to get an IPsec tunnel up between my hub and a spoke using the IPsec mobile subnet. Here is the information/config:

Main Office (Hub)
192.168.1.0/24 (LAN SUBNET)
192.168.253.0/24 (IPsec mobile client Virtual Address Pool)

Spoke 1
10.5.1.0/24 (LAN SUBNET)

Spoke 2
10.20.1.0/24 (LAN SUBNET)

Now - I've been able to successfully connect Spoke 1 and Spoke 2 through the hub (I don't actually need this, it was only a test).
Trying the same configuration except changing the IP addresses in scheme with the Mobile Client address pool leads to the Phase 2 between the Hub and Spoke 2 never coming up.
http://i.imgur.com/Cf2Mr9Y.png -
I was able to get it to work by doing the following (for any future readers). I have Windows 10 and wanted to use the built-in VPN for a number of reasons (VPN before logon, ease for users, etc.).
My pfSense mobile client is set up as EAP-RADIUS. I created a PowerShell script:
Add-VpnConnection -Name "VPN NAME" -ServerAddress xxx.xxx.xxx.xxx -AllUserConnection $true -SplitTunneling $true -AuthenticationMethod MSChapv2 -TunnelType Automatic -EncryptionLevel Required -PassThru
Add-VpnConnectionRoute -ConnectionName "VPN NAME" -DestinationPrefix 10.20.1.0/24
Add-VpnConnectionRoute -ConnectionName "VPN NAME" -DestinationPrefix 192.168.1.0/24
You need to Add-VpnConnectionRoute for any of the subnets that you will access over the VPN.
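An added example, not part of the original post: an idempotent check that the split-tunnel connection carries exactly the routes intended for it, adding any that are missing and reporting any that are unexpected. The connection name and the two prefixes are taken from the thread; the use of the all-user phonebook and the `$WantedPrefixes` list are assumptions to adjust for your deployment.

```powershell
# Added example (not the poster's script). Assumes the connection was created
# in the all-user phonebook, as in the post, and that the session is elevated.
$ConnectionName = 'VPN NAME'                           # name used in the thread
$WantedPrefixes = @('192.168.1.0/24', '10.20.1.0/24')  # subnets named in the thread

# Fail early if the connection does not exist in the all-user phonebook.
$vpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction Stop

# Without split tunneling the client sends all traffic through the tunnel,
# so per-subnet routes have no effect on what is reachable.
if (-not $vpn.SplitTunneling) {
    Write-Warning "Split tunneling is disabled on '$ConnectionName'."
}

# Prefixes currently attached to the connection. The Where-Object filter drops
# the single $null that PowerShell would otherwise pipe when Routes is empty.
$current = @($vpn.Routes | Where-Object { $_ } |
             ForEach-Object { $_.DestinationPrefix })

# Add only the routes that are missing, so the script can be re-run safely.
foreach ($prefix in $WantedPrefixes) {
    if ($current -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName `
            -DestinationPrefix $prefix -AllUserConnection
        Write-Output "Added route $prefix"
    }
}

# Report routes that are present but not on the intended list. A broader
# prefix here means more client traffic enters the tunnel than planned.
$extra = @($current | Where-Object { $WantedPrefixes -notcontains $_ })
foreach ($prefix in $extra) {
    Write-Warning "Unexpected route on '$ConnectionName': $prefix"
}
```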