Netgate Discussion Forum

    S2S IPSec With VTI Questions

      jlw52761

      Question arising from an odd situation. I have three sites, two of them with 2 HA pfSense. One of the sites is the hub for the other two, and the hub does have two firewalls. For a few years I have had an S2S between all the firewalls in a matrix fashion using VTI, and all has worked, with each VTI pair being its own /30. For some reason some of the remote VTIs on the subnet no longer seem to be pingable, and I can't figure out why.
      My question is, do I really need to have separate /30s for each VTI pair, or can I use a large /24 for ALL VTIs and make life a little simpler? Mocking everything up in GNS3 shows that it works, but I'm not sure what the real-world ramifications of this would be. I'm thinking about just adding a new P2 to each connection and then removing the old P2, so that pairs that are working don't die suddenly.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.