Netgate Discussion Forum
    Setup route to servers on the other side of ipsec vpn tunnel

    Category: Routing and Multi WAN
    3 posts, 1 poster, 335 views
    mmangiante (original post):

      Hello,
      I have a pfSense setup with 2 WANs (in CARP), so I have:

      First WAN:
      pfs1 wan ip: 93.145.101.15
      pfs2 wan ip: 93.145.101.16
      pfs wan vip: 93.145.101.14

      Second WAN:
      pfs1 wan2 ip: 88.45.191.138
      pfs2 wan2 ip: 88.45.191.139
      pfs wan2 vip: 88.45.191.140

      I have a main vlan: 192.168.0.0/24 and the address on Pfsense are:
      pfs1 lan ip: 192.168.0.31
      pfs2 lan ip: 192.168.0.32
      pfs lan vip: 192.168.0.30
      In the network, downstream of the 2 firewalls, there are 2 main switches with L3 routing configured and in HSRP:
      swi1 ip: 192.168.0.3
      swi2 ip: 192.168.0.2
      swi vip: 192.168.0.1
      There is a route like this: 0.0.0.0 0.0.0.0 192.168.0.30
      Now I have a second VLAN that I need to route over the second WAN and that must also communicate with the main VLAN; as for the first, there is an HSRP configuration on the switches:
      swi1 vlan7: 192.168.7.7
      swi2 vlan7: 192.168.7.8
      swi vip: 192.168.7.254

      My customer asked me to create an IPsec VPN and I have done it; I can see the tunnel up, but I have an issue creating a route to ping the servers on the customer site. In phase 2, I set:

      Local Subnet: 10.175.69.10/32
      Remote Subnet: 10.64.3.46 and 10.64.3.80

      Now, on my switches I have no network for 10.175.69.10 and, sincerely, I don't know how to set up the route to ping the addresses in Remote Subnet: how should I proceed?

      I have 2 other VPNs, but they have the main subnet (192.168.0.0/24) as Local Subnet, so I haven't encountered any routing issue with them.

      Marco


      mmangiante (reply 1):

        Hello,

        One thing I found on another forum is to create another P2 phase and enter as local network my main VLAN (192.168.0.0/24) and as remote network the address used as local in the other P2 phase, i.e. 10.175.69.10; the tunnel starts, but I can't ping the addresses 10.164.3.46 and 10.164.3.80.

        Any other suggestion about, for example, the rules to use?


        mmangiante (reply 2):

          Another small step was to create on the switches the network 10.175.69.0/24 and then a virtual machine with IP 10.175.69.10: with this I can ping the servers on the other side.
          To do this I also created a static route, as in the image:

          [image: static_route_vpn_ipsec.png]

          so the network 10.175.69.0/24 has 192.168.0.1 as its gateway.

          Then I opened a rule on the LAN interface towards 10.175.69.0/24, as in the image:

          [image: rules_vpn_ipsec.png]

          After this I can ping from 10.175.69.10 to 10.64.3.46 and 10.64.3.80.

          How can I communicate from the LAN network to 10.64.3.46 and 10.64.3.80: is it possible to set a route? Where?

          Please if you have any idea let me know.

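The following is an added example, not code from the thread or from Netgate. It models the behaviour behind the three posts above: pfSense IPsec (strongSwan) is policy-based, so a packet is only encrypted if its source/destination pair falls inside some Phase 2 local/remote selector pair. With the local selector set to the single host 10.175.69.10/32, a packet from a 192.168.0.x address to 10.64.3.46 matches no Phase 2 and is simply handed to the routing table, which sends it out the default route on WAN in the clear; a static route for 10.64.3.x on pfSense cannot change that, and the LAN firewall rule only permits the traffic, it does not decide where it goes. The addresses are the ones posted in the thread. The BINAT mapping is an assumption introduced here, modelling pfSense's Phase 2 "NAT/BINAT translation" option, which rewrites the local source before the policy lookup; the poster did not mention it.

```python
"""
Added example (not from the forum thread): where pfSense sends a packet
given the poster's Phase 2 selectors and routing table.
"""
from ipaddress import ip_address, ip_network

# Phase 2 selectors as the poster configured them (single-host local side).
P2_LOCAL = ip_network("10.175.69.10/32")
P2_REMOTE = [ip_network("10.64.3.46/32"), ip_network("10.64.3.80/32")]

# pfSense routing table as described in the thread: (prefix, next hop).
ROUTES = [
    (ip_network("192.168.0.0/24"), "LAN (directly connected)"),
    (ip_network("10.175.69.0/24"), "192.168.0.1"),       # poster's static route to the switch HSRP VIP
    (ip_network("0.0.0.0/0"), "WAN default gateway"),   # CARP WAN; this is not the tunnel
]

# Assumed Phase 2 NAT/BINAT translation (NOT in the original posts):
# LAN sources are rewritten to the /32 local selector before the policy
# lookup, so they fall inside the Phase 2 and get encrypted.
BINAT_INSIDE = ip_network("192.168.0.0/24")
BINAT_OUTSIDE = ip_address("10.175.69.10")


def route_lookup(dst: str) -> str:
    """Longest-prefix match over ROUTES; the /0 default always matches."""
    d = ip_address(dst)
    best = max((r for r in ROUTES if d in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]


def matches_phase2(src, dst) -> bool:
    """True if (src, dst) falls inside the Phase 2 local/remote selectors."""
    return src in P2_LOCAL and any(dst in r for r in P2_REMOTE)


def forward(src: str, dst: str, binat: bool = False) -> str:
    """Return 'ipsec' if the packet is encrypted, else 'route:<next hop>'."""
    s, d = ip_address(src), ip_address(dst)
    if binat and s in BINAT_INSIDE:
        s = BINAT_OUTSIDE          # source rewritten before the policy check
    if matches_phase2(s, d):
        return "ipsec"
    return "route:" + route_lookup(dst)


def demo() -> dict:
    """The thread's cases side by side."""
    return {
        # the VM the poster created: inside the selector, gets encrypted
        "vm_to_customer": forward("10.175.69.10", "10.64.3.46"),
        # a LAN host: no selector covers it, leaves via WAN in the clear
        "lan_to_customer": forward("192.168.0.50", "10.64.3.80"),
        # the same LAN host with the assumed Phase 2 BINAT
        "lan_to_customer_binat": forward("192.168.0.50", "10.64.3.80", binat=True),
        # LAN to the VM: ordinary routing via the poster's static route
        "lan_to_vm": forward("192.168.0.50", "10.175.69.10"),
        # a customer host outside the remote list is not tunnelled either
        "vm_to_other": forward("10.175.69.10", "10.64.3.99"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:24s} -> {result}")
```

The model shows why the VM trick works (10.175.69.10 is the only address inside the local selector) and why adding routes for 10.64.3.x on pfSense or on the switches cannot help: routing is consulted only after the policy check fails. Either the local selector must cover the LAN subnet, which the remote side has to accept in its own Phase 2, or LAN sources must be translated into the agreed /32 before the policy lookup, as the BINAT case models.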
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.