Route mobile IPSec traffic to the other end of a site-to-site tunnel



  • First of all, hello!

    I have a rookie routing problem :-
    I have a pfSense box set up with one site-to-site IPsec tunnel and one mobile IPsec client.
    While traffic is flowing between the pfSense box and the remote LAN, and also between the pfSense box and the mobile client, I cannot connect from the mobile (Android) client to the remote end of the site-to-site tunnel.
    The mobile Android client gets an address from a virtual subnet on the pfSense box.
    Seems to be a routing problem, but I'm missing it. Could anybody point me in the right direction? Static routes, pointing to?

    Edit: I'll add a basic network layout to get the picture clearer. So I need to access the computers on Site 1 from the mobile device on Site 2. How could I accomplish this?



  • Updated the first post to make myself clearer, maybe anybody is willing to shed some light into this :)



  • Anybody? Can this (make all tunnels inter-routable) even be done in pfSense, or do I need a separate spoke-to-spoke tunnel? If not, then I have to start messing with SoftEther again, which worked fine except it didn't like my Cisco RV320.



  • Just need another P2 that matches the mobile address pool.



  • @cmb:

    Just need another P2 that matches the mobile address pool.

    Thank you for the reply. I now tried to add a second P2 with the mobile virtual subnet to the pfSense-to-RV320 tunnel; it didn't help.



  • The P2 has to exist on both sides.



  • As cmb said before: you have to set up the corresponding phase 2 on both sites.

    Site 0 config:
    local subnet: 192.168.111.0/24
    remote subnet: 192.168.2.0/24

    Site 1 config:
    local subnet: 192.168.2.0/24
    remote subnet: 192.168.111.0/24

    Another point may be that the phase 2 on your mobile phase 1 of Site 0 is configured wrong. Try 0.0.0.0/0 there as the local subnet.
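    The "P2 on both sides" requirement from the answers above, as an added example that is not part of the original thread or of pfSense: a small checker that models each peer's phase 2 entries as (local, remote) traffic selectors and tests whether a flow from the mobile pool to the Site 1 LAN is negotiable. The mobile pool 10.10.10.0/24 is an assumed value; the two LAN subnets are the ones given in the post above.

```python
"""Model IPsec phase 2 (traffic selector) coverage on both tunnel ends.
Constructed example; the mobile pool address is assumed, not from the thread."""
import ipaddress
from typing import List, Tuple

Selector = Tuple[str, str]  # (local subnet, remote subnet) as configured on one peer


def covers(selector: Selector, src: str, dst: str) -> bool:
    """True if this phase 2 entry matches traffic flowing src -> dst on this peer."""
    local, remote = (ipaddress.ip_network(s) for s in selector)
    return (ipaddress.ip_network(src).subnet_of(local)
            and ipaddress.ip_network(dst).subnet_of(remote))


def flow_allowed(site_a: List[Selector], site_b: List[Selector], src: str, dst: str) -> bool:
    """src -> dst is only negotiable when site A has local=src/remote=dst
    AND site B has the mirror image local=dst/remote=src (both sides must match)."""
    a_ok = any(covers(s, src, dst) for s in site_a)
    b_ok = any(covers(s, dst, src) for s in site_b)
    return a_ok and b_ok


MOBILE_POOL = "10.10.10.0/24"      # assumed virtual subnet handed to the Android client
SITE0_LAN = "192.168.111.0/24"     # pfSense side (from the thread)
SITE1_LAN = "192.168.2.0/24"       # RV320 side (from the thread)

before_site0 = [(SITE0_LAN, SITE1_LAN)]          # original LAN<->LAN P2 only
before_site1 = [(SITE1_LAN, SITE0_LAN)]
one_sided_site0 = before_site0 + [(MOBILE_POOL, SITE1_LAN)]   # poster's first attempt
after_site1 = before_site1 + [(SITE1_LAN, MOBILE_POOL)]       # cmb's advice: mirror it
mobile_p2 = ("0.0.0.0/0", MOBILE_POOL)           # mobile P2 with local 0.0.0.0/0


def diagnose() -> dict:
    """Return which configurations let the mobile pool reach the Site 1 LAN."""
    return {
        "before": flow_allowed(before_site0, before_site1, MOBILE_POOL, SITE1_LAN),
        "one_sided": flow_allowed(one_sided_site0, before_site1, MOBILE_POOL, SITE1_LAN),
        "both_sides": flow_allowed(one_sided_site0, after_site1, MOBILE_POOL, SITE1_LAN),
        # does the mobile P2 on pfSense also carry Site 1 LAN traffic back to the client?
        "mobile_p2_reaches_site1": covers(mobile_p2, SITE1_LAN, MOBILE_POOL),
    }


if __name__ == "__main__":
    print(diagnose())
```

    Only the "both_sides" configuration passes, which is the one-line answer the thread arrives at; a client address such as 10.10.10.5/32 is covered the same way since it is a subnet of the pool.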

