Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec Site-to-Site SPD not matching Phase2 Policies

    IPsec
    1
    1
    58
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      plep
      last edited by

      Hi,

      I have a weird problem with IPSEC VPN:
      pFsence version: 24.11 on Netgate 2100 MAX.
      Remote device is a Mikrotik Router.

      LAN Subnet = 192.168.60.0/24
      OPT1 Subnet = 10.1.0.0/24
      OPT4OCIPE Subnet = 192.168.189.0/24

      What I try to achieve is to encrypt:
      LAN Subnet (192.168.60.0/24) <-> 192.168.200.0/24
      OPT1 Subnet (10.1.0.0/24) <-> 192.168.200.0/24
      OPT4OCIPE Subnet (192.168.189.0/24) <-> 0.0.0.0/0

      Example working Correctly:
      Phase 2 Policies:
      ebde7be9-82cc-49fc-9800-eac6525b9b16-image.png

      SPDs:
      7bbbfea2-02ff-457f-9e99-bb4e317500d0-image.png

      Example causing Issues, when I add a 3rd P2 Policy to encrypt all traffic (0.0.0.0/0) from OPT4OCIPE (192.168.189.0/24)

      Phase 2 Policies:
      27525aa1-00d5-492f-8cb5-afc7e40b89bd-image.png

      SPDs circled in RED should not be present. It is encrypting traffic which is not supposes to be encrypted.
      4d8e0bf4-dc2a-4d02-94e9-c77c2cf9d41d-image.png

      Let me know if any of you have idea of what I did incorectly. I can provide more info if required.

      On the other side of the VPN tunnel, the Phase2 policies and SPDs are correct.

      Thx.

      PLP.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.