Netgate Discussion Forum

    IPSec three sites configuration

    • A
      amello

      I've set up three pfSenses for testing with the following configuration:

      pf1:
      WAN x.x.x.82, IP Alias: x.x.x.83, x.x.x.84, x.x.x.85. All part of my statics x.x.x.81/29.
      LAN 10.10.10.0/24

      pf2:
      WAN x.x.x.81 (1st IP for my statics)
      LAN 10.10.20.0/24

      pf3:
      WAN DHCP from Comcast (I update my DNS services with pf to ensure it is registered and it's working fine)
      LAN 10.10.12.0/24

      Both tunnels are connected.

      I've created an IPSec tunnel between pf1 and pf3 and all works fine.

      When I created the IPSec tunnel between pf1 and pf2, it connects but I can reach any LAN IPs from any side. While on a 10.10.10.x box I can't access a 10.10.20.x box, like I can from 10.10.10.x to 10.10.12.x.

      Is this because pf1 and pf2 are part of the same public subnet? pf1 uses the 2nd, 3rd, 4th, and 5th IPs and pf2 uses the 1st IP of my 5 statics.

      Any help will be appreciated.

      Thanks!

      • J
        jlevesque

        Is the phase 2 connecting also?

        Are you using 81 to 82 or to another alias?

        What is your IPsec configuration?

        • A
          amello

          @jlevesque:

          Is the phase 2 connecting also?

          I think they are. See pic ipsecs.png attached.

          Are you using 81 to 82 or to another alias?

          81 is not an alias and 82 is the pf1 WAN interface.

          What is your IPsec configuration?

          See IPSec Configuration screens attached. Both tunnels are configured the same, each one with its specific public IPs. (IPs and keys removed for security reasons).

          ipsecs.png
          ![p1 1of2.png](/public/imported_attachments/1/p1 1of2.png)
          ![p1 2of2.png](/public/imported_attachments/1/p1 2of2.png)
          ![p2 1of2.png](/public/imported_attachments/1/p2 1of2.png)
          ![p2 2of2.png](/public/imported_attachments/1/p2 2of2.png)

          • A
            amello

            Not resolved, so adopted another solution for the 2nd tunnel.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.