Reach another network through an IPSEC Tunnel (PFSENSE 2.1.5)
-
If you want every network to talk to every other network, have you considered a full mesh network, such as tinc?
-
Hi kejianshi,
I have not considered TINC; actually, I didn't even know it exists.
Based on the info I provided, do you think it would be possible to communicate Site A and Site C?
Do you have experience with TINC? Considerations on TINC vs IPSEC?
Thank you.
-
No - But a while ago me and a librarian talked about this since she was having problems similar to yours with having multiple sites and wanting all sites to talk equally with all other sites and she went with tinc and reported that it worked well.
I haven't had a need for it, but she did and said it worked well. That was a year or two ago.
-
I will give it a shot then.
Do you know if TINC is an additional package to install on PFSENSE?
Fully compatible?
So, your closing thoughts for this particular network configuration are that with IPSEC there's no way to satisfy my needs?
-
Tinc worked fine for her when she was having the same issues as you, and tinc is a package in pfsense.
I have never tried to use ipsec to do what you need because I consider ipsec to be an enormous pain in the rear.
I've used it a bit in the past, but for every use scenario I had for it, using openvpn always seemed much better and more reliable.
-
You know, I was having sort of a similar problem with wanting resources at lots of different resources to be able to see each other's web pages without having to have it open to the world. The problem was easily solved by installing IPV6 static addresses to the pfsense routers and clients and allowing those addresses on the WAN of all the pfsense boxes.
So, now all my sites are visible from each individual site. I love IPV6. It's just too simple.
-
Another guy was having similar issues and he set up tinc today and said it worked great, was easy, and he was going to stick with it.
-
Interesting.
Did he post his experience here in the community forums?
-
Yes - very briefly.
-
This network is not IPV6 ready yet…
I have no experience with Openvpn. Do you know if this will work with this protocol instead of TINC? I feel like Openvpn would be more robust and stable than TINC running on PFSENSE.
Any thoughts?
-
For your applications, TINC is better - But a pfsense openvpn client with a TAP interface can do it.
I really only use openvpn for "road warrior" type configurations on end clients.
I think that's what it does best.
But it is flexible and if you handle routing correctly you can get what you want from it.