Multiple VTI IPSEC tunnels with /30 on same 192.168.X.0 ?

Yathus

Hello,

I have a pfsense 2.4.5 in my datacenter, it handle multiple ipsec site-2-site tunnels.
i tried to use a /30 for 2 of them and it break everything.

Example for P2 :
siteA : 192.168.34.1/30 -> siteB 192.168.34.2/30
siteA: 192.168.34.5/30 -> siteC 192.168.34.6/30

With these configuration i can't have both tunnel up, it's siteA <-> siteB or siteA <-> siteC

To fix these i have to change adresse used in P2 :
siteA : 192.168.49.1/30 -> siteB 192.168.49.2/30
siteA: 192.168.34.5/30 -> siteC 192.168.34.6/30

did i miss something ?

May be it's because one my client is not on latest version ? (2.4.4-p2)

Thanks

Yathus

jimp

@yathus said in Multiple VTI IPSEC tunnels with /30 on same 192.168.X.0 ?:

May be it's because one my client is not on latest version ? (2.4.4-p2)

That is likely the case. Some older versions didn't properly respect the configured subnet mask for VTI interfaces. Update both to a current version and try again.