Route mobile IPSec traffic to the other end of a site-to-site tunnel

  • First of all, hello!

I have a rookie routing problem :-
    I have a pfSense box set up with 1 site-to-site IPsec tunnel and 1 mobile IPsec client.
    While the traffic is flowing between the pfS box and the remote LAN and also between the pfS box and the mobile client, I cannot connect from the mobile (Android) client to the site-to-site's remote end.
    The mobile Android client gets an address from a virtual subnet on the pfS box.
    Seems to be a routing problem, but I'm missing it. Could anybody point me in the right direction? Static routes, pointing to?

Edit: I'll add a basic network layout to make the picture clearer. So I need to access the computers on Site 1 from the mobile device on Site 2. How could I accomplish this?

• Updated the first post to make myself clearer, maybe anybody is willing to shed some light on this :)

• Anybody? Can this (make all tunnels inter-routable) even be done in pfSense, or do I need a separate spoke-to-spoke tunnel? If not, then I have to start messing with SoftEther again, which worked fine except it didn't like my Cisco RV320.

  • Just need another P2 that matches the mobile address pool.

  • @cmb:

    Just need another P2 that matches the mobile address pool.

Thank you for the reply. I now tried to add a second P2 with the mobile virtual subnet to the pfS-to-RV320 tunnel; it didn't help.

  • The P2 has to exist on both sides.

• As cmb said before: you have to set up the corresponding phase 2 on both sites.

    Site 0 config:
    local subnet:
    remote subnet:

    Site 1 config:
    local subnet:
    remote subnet:

    Another point may be that the phase 2 on your mobile phase 1 of Site 0 is configured wrong. Try there as local subnet
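
The reasoning in the replies above (the spoke-to-spoke Phase 2 has to exist on both ends of the site-to-site tunnel, and the mobile Phase 2's local subnet has to cover the far LAN too) can be replayed step by step. The following is an added example, not code from the thread or from pfSense: it models each peer's Phase 2 entries as IPsec traffic selectors and walks a packet from a mobile client to a host behind Site 1 and back, reporting the hops where no selector covers it. The addresses (192.168.0.0/24 for the pfSense LAN, 192.168.1.0/24 for the RV320 LAN, 10.99.0.0/24 for the mobile pool) and the host IPs are constructed, since the thread gives none, and a Phase 2 is treated as established only when the other side has its exact mirror (IKEv1-style matching; IKEv2 can narrow selectors, which this simplification ignores).

```python
import ipaddress
from dataclasses import dataclass


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(s)


@dataclass(frozen=True)
class Phase2:
    """One IPsec Phase 2 (child SA) as pfSense shows it: local subnet <-> remote subnet."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network

    def mirror(self) -> "Phase2":
        """What the same Phase 2 looks like from the other peer's point of view."""
        return Phase2(self.remote, self.local)


@dataclass
class Topology:
    hub_to_site1: list      # Phase 2 entries on the pfSense hub for the site-to-site tunnel
    site1_to_hub: list      # Phase 2 entries on the Site 1 router for the same tunnel
    hub_mobile_local: list  # local subnets of the hub's mobile Phase 2 (pushed to clients)


def protects(p2s, src, dst) -> bool:
    """A peer only encrypts src->dst if some Phase 2 has src in local and dst in remote."""
    return any(src in p.local and dst in p.remote for p in p2s)


def established(hub_side, site1_side):
    """A child SA only comes up when both peers carry the same selector pair (modelled as
    an exact mirror), so a Phase 2 that exists on the hub alone protects nothing."""
    return [p for p in hub_side if p.mirror() in site1_side]


def check_path(topo: Topology, client_ip: str, target_ip: str):
    """Walk a packet from a mobile client to a host behind Site 1 and back.
    Returns the names of the hops where no Phase 2 covers it (empty list = reachable)."""
    src = ipaddress.ip_address(client_ip)
    dst = ipaddress.ip_address(target_ip)
    # Mobile Phase 2 on the hub: local = configured subnets, remote = the client's virtual IP.
    mobile = [Phase2(n, net(f"{src}/32")) for n in topo.hub_mobile_local]
    s2s = established(topo.hub_to_site1, topo.site1_to_hub)
    hops = [
        # The client only sends dst through the tunnel if dst is in a selector the hub pushed.
        ("mobile client -> hub", protects([p.mirror() for p in mobile], src, dst)),
        ("hub -> site1", protects(s2s, src, dst)),
        ("site1 -> hub (reply)", protects([p.mirror() for p in s2s], dst, src)),
        ("hub -> mobile client (reply)", protects(mobile, dst, src)),
    ]
    return [name for name, ok in hops if not ok]


# Constructed addressing (assumption; the thread does not give its subnets).
SITE0_LAN = net("192.168.0.0/24")   # pfSense hub LAN
SITE1_LAN = net("192.168.1.0/24")   # RV320 LAN
MOBILE_POOL = net("10.99.0.0/24")   # pfSense mobile virtual address pool


def thread_scenarios():
    """Each configuration state the thread goes through, with the hops that still fail."""
    base = Phase2(SITE0_LAN, SITE1_LAN)      # the original site-to-site Phase 2
    extra = Phase2(MOBILE_POOL, SITE1_LAN)   # the Phase 2 cmb suggested
    client, target = "10.99.0.5", "192.168.1.10"
    both = [base.mirror(), extra.mirror()]
    return {
        "original": check_path(
            Topology([base], [base.mirror()], [SITE0_LAN]), client, target),
        "p2 on hub only": check_path(
            Topology([base, extra], [base.mirror()], [SITE0_LAN]), client, target),
        "p2 on both sides": check_path(
            Topology([base, extra], both, [SITE0_LAN]), client, target),
        "p2 on both sides, mobile local covers site1": check_path(
            Topology([base, extra], both, [SITE0_LAN, SITE1_LAN]), client, target),
    }


if __name__ == "__main__":
    for state, failing in thread_scenarios().items():
        print(f"{state}: {'reachable' if not failing else 'blocked at ' + ', '.join(failing)}")
```

Running it shows why the attempt in the thread ("added a second P2 on the pfSense side, didn't help") changes nothing: without the mirror entry on the RV320 the new child SA never establishes, so every hop still fails. With the Phase 2 on both sides only the two mobile-client hops remain blocked, and they clear once the mobile Phase 2's local subnet also covers Site 1's LAN. The model does not cover pfSense's per-interface firewall rules on the IPsec tab, which still have to permit the traffic once the selectors match.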

