Multiple IPsec tunnels; first tunnel up fails when the second tunnel connects
-
I have a corporate office site, Site A. I have two remote sites, Site B and Site C.
The remote sites each connect to Site A through an IPsec VPN successfully, using Phase 1 and Phase 2 settings for both. When both VPNs are connected, only one site is able to communicate with Site A at a time.
The last VPN to connect is the one that still maintains traffic.
All devices involved in the VPN are pfSense SG-3100s. Looking for guidance; any help is appreciated.
Site A: 192.168.10.1 /24
Site B: 192.168.20.1 /24
Site C: 192.168.30.1 /24
Hub and spoke topology, with Site A being the hub.
Thanks,
-
All devices are on release:
2.4.5-RELEASE-p1 (arm)
built on Tue Jun 02 17:45:24 EDT 2020
FreeBSD 11.3-STABLE
-
Something is conflicting if that's the case.
Is the main site behind some other router perhaps?
I could imagine a state conflict with two ESP connections forwarded to the same IP.
Try forcing them to use NAT-T if that could be happening.
Steve
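A way to check for the situation Steve describes, added here as an illustration and not code from this thread or from pfSense/strongSwan: parse the output of `ipsec statusall` on the hub and report which CHILD_SAs are plain ESP (IP protocol 50) versus ESP-in-UDP (NAT-T). Two spokes terminating plain ESP on the same hub address is the case where a router in front of the hub that forwards protocol 50 can only keep state for one of them, since ESP has no ports to distinguish the flows; with NAT-T each spoke gets its own UDP/4500 4-tuple. The sample text below is constructed, the addresses are hypothetical, and the line layout is assumed from strongSwan's statusall format (`ESP SPIs:` vs `ESP in UDP SPIs:`).

```python
"""Report plain-ESP vs NAT-T CHILD_SAs from `ipsec statusall` text.

Added example for the thread; not pfSense or strongSwan code.  Line layout is
assumed from strongSwan's statusall output; sample data below is constructed.
"""
import re
from collections import defaultdict

# Hypothetical addresses: hub (Site A) WAN 198.51.100.5,
# spokes B and C at 203.0.113.10 and 203.0.113.20.
SAMPLE_BEFORE = """\
Security Associations (2 up, 0 connecting):
       con1[3]: ESTABLISHED 25 minutes ago, 198.51.100.5[198.51.100.5]...203.0.113.10[203.0.113.10]
       con1{5}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c6a4e1b2_i cd9f0a31_o
       con1{5}:   192.168.10.0/24 === 192.168.20.0/24
       con2[4]: ESTABLISHED 3 minutes ago, 198.51.100.5[198.51.100.5]...203.0.113.20[203.0.113.20]
       con2{6}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: c0ffee11_i cafe2222_o
       con2{6}:   192.168.10.0/24 === 192.168.30.0/24
"""

# Same tunnels after forcing NAT-T on both: ESP is carried inside UDP/4500.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("ESP SPIs:", "ESP in UDP SPIs:")

IKE_SA_RE = re.compile(
    r'^\s*(?P<conn>[^\[\s]+)\[\d+\]:\s+ESTABLISHED.*?,\s+'
    r'(?P<local>[^\[\s]+)\[[^\]]*\]\.\.\.(?P<remote>[^\[\s]+)\['
)
CHILD_SA_RE = re.compile(
    r'^\s*(?P<conn>[^\{\s]+)\{\d+\}:\s+INSTALLED.*?\b(?P<enc>ESP in UDP|ESP) SPIs'
)


def parse_statusall(text):
    """Return one dict per installed CHILD_SA: conn, local, remote, natt."""
    peers = {}  # connection name -> (local, remote) from its IKE_SA line
    sas = []
    for line in text.splitlines():
        m = IKE_SA_RE.match(line)
        if m:
            peers[m['conn']] = (m['local'], m['remote'])
            continue
        m = CHILD_SA_RE.match(line)
        if m and m['conn'] in peers:
            local, remote = peers[m['conn']]
            sas.append({'conn': m['conn'], 'local': local, 'remote': remote,
                        'natt': m['enc'] == 'ESP in UDP'})
    return sas


def plain_esp_collisions(sas):
    """Map local address -> sorted remote peers using plain ESP to it,
    keeping only local addresses with more than one such peer.  Any entry
    here is a candidate for the 'last tunnel up wins' symptom if something
    in front of the firewall tracks ESP state by IP pair only."""
    by_local = defaultdict(set)
    for sa in sas:
        if not sa['natt']:
            by_local[sa['local']].add(sa['remote'])
    return {local: sorted(r) for local, r in by_local.items() if len(r) > 1}


if __name__ == '__main__':
    for label, text in (('before', SAMPLE_BEFORE), ('after NAT-T', SAMPLE_AFTER)):
        sas = parse_statusall(text)
        for sa in sas:
            print(label, sa['conn'], sa['remote'], 'NAT-T' if sa['natt'] else 'plain ESP')
        print(label, 'collisions:', plain_esp_collisions(sas))
```

On a live hub, feed it the real output (`ipsec statusall | python3 thisscript.py` with a small stdin reader in place of the samples). A non-empty collision map together with a router or modem in front of the hub is the configuration Steve is pointing at; forcing NAT-T on both tunnels should make the map empty.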
-
@stephenw10 said in Multiple IPsec tunnels; first tunnel up fails when the second tunnel connects:
Something is conflicting if that's the case.
All devices are WAN edge devices. I essentially did a stare-and-compare against a known working config from another setup I had in service. The difference was that the hub site there was a virtualized pfSense firewall.
In the process I removed all rules and tunnels and rebuilt them from scratch, bringing up each tunnel individually with success, but came to the same result of the tunnels not being able to pass traffic to the hub with both of them connected. I may play with it again soon, but I had to get them up since they were in production.
Ended up using one OpenVPN tunnel and one IPsec tunnel successfully on the first attempt. I looked at this multiple times, and even had a second set of eyes go over the tunnels and rules, with breaks between attempts to reset my thought process and make sure I was not misconfiguring the IPsec tunnels.