IPSec three sites configuration



  • I've set up three pfSenses for testing with the following configuration:

    pf1:
    WAN x.x.x.82, IP Alias: x.x.x.83, x.x.x.84, x.x.x.85. All part of my statics x.x.x.81/29.
    LAN 10.10.10.0/24

    pf2:
    WAN x.x.x.81 (1st IP for my statics)
    LAN 10.10.20.0/24

    pf3:
    WAN DHCP from Comcast (I update my DNS services with pf to ensure it is registered and it's working fine)
    LAN 10.10.12.0/24

    Both tunnels are connected.

    I've created an IPSec tunnel between pf1 and pf3 and all works fine.

    When I created the IPSec tunnel between pf1 and pf2, it connects but I can reach any LAN IPs from any side. While on a 10.10.10.x box I can't access a 10.10.20.x box, like I can from 10.10.10.x to 10.10.12.x.

    Is this because pf1 and pf2 are part of the same public subnet? pf1 uses the 2nd, 3rd, 4th, and 5th IPs and pf2 uses the 1st IP of my 5 statics.

    Any help will be appreciated.

    Thanks!



  • Is Phase 2 connecting also?

    Are you using 81 to 82 or to another alias?

    What is your IPSec configuration?



  • @jlevesque:

    Is Phase 2 connecting also?

    I think they are. See pic ipsecs.png attached.

    Are you using 81 to 82 or to another alias?

    81 is not an alias and 82 is the pf1 WAN interface.

    What is your IPSec configuration?

    See IPSec configuration screens attached. Both tunnels are configured the same, each with its own specific public IPs. (IPs and keys removed for security reasons.)



    ![p1 1of2.png](/public/imported_attachments/1/p1 1of2.png)
    ![p1 2of2.png](/public/imported_attachments/1/p1 2of2.png)
    ![p2 1of2.png](/public/imported_attachments/1/p2 1of2.png)
    ![p2 2of2.png](/public/imported_attachments/1/p2 2of2.png)
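The "Is Phase 2 connecting also?" question above is the one a practitioner would want to answer from the daemon's own state rather than from screenshots. pfSense runs strongSwan, so the Status > IPsec page is a rendering of `swanctl --list-sas` (`ipsec statusall` on older releases). The script below is an added example, not code from the thread or from pfSense: it parses a constructed status dump in the style of `swanctl --list-sas` (connection names, SPIs, byte counters and the 203.0.113.7 address standing in for pf3's Comcast DHCP lease are all invented; the LAN subnets and x.x.x.81/x.x.x.82 endpoints follow the thread) and, for each expected local/remote subnet pair, reports whether a Phase 2 is installed and whether any traffic has actually entered it.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the style of `swanctl --list-sas` output from strongSwan,
# the IKE daemon pfSense uses. Connection names, SPIs, counters and the pf3
# public address (203.0.113.7) are invented for this example.
SAMPLE_STATUS = """\
con1000: #1, ESTABLISHED, IKEv2, 1a2b3c4d5e6f7a8b_i* 8b7a6f5e4d3c2b1a_r
  local  'x.x.x.82' @ x.x.x.82[500]
  remote 'x.x.x.81' @ x.x.x.81[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 612s ago, rekeying in 27000s
  con1000: #1, reqid 1, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 612s ago, rekeying in 2800s, expires in 3600s
    in  c0a1b2c3,      0 bytes,     0 packets
    out c3b2a1c0,      0 bytes,     0 packets
    local  10.10.10.0/24
    remote 10.10.20.0/24
con2000: #2, ESTABLISHED, IKEv2, 0f1e2d3c4b5a6978_i* 78695a4b3c2d1e0f_r
  local  'x.x.x.82' @ x.x.x.82[500]
  remote '203.0.113.7' @ 203.0.113.7[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 905s ago, rekeying in 26700s
  con2000: #2, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 905s ago, rekeying in 2500s, expires in 3600s
    in  cafe0001, 184320 bytes,  1536 packets
    out cafe0002,  95744 bytes,  1210 packets
    local  10.10.10.0/24
    remote 10.10.12.0/24
"""

ChildSA = Dict[str, object]


def parse_child_sas(status: str) -> List[ChildSA]:
    """Return one record per installed Phase 2 (CHILD) SA: parent IKE SA name,
    local/remote traffic selectors and in/out byte counters."""
    children: List[ChildSA] = []
    ike_name: Optional[str] = None
    current: Optional[ChildSA] = None
    for raw in status.splitlines():
        line = raw.strip()
        if not raw.startswith(" ") and ", ESTABLISHED" in line:
            # Unindented line: a Phase 1 (IKE SA) header. Its endpoint lines
            # ("local 'x' @ x[500]") must not be read as traffic selectors.
            ike_name = line.split(":", 1)[0]
            current = None
            continue
        if ", INSTALLED" in line:
            # Indented header of a Phase 2 (CHILD SA) under the current IKE SA.
            current = {"ike": ike_name, "name": line.split(":", 1)[0],
                       "local": [], "remote": [], "in_bytes": 0, "out_bytes": 0}
            children.append(current)
            continue
        if current is None:
            continue
        m = re.match(r"(in|out)\s+[0-9a-f]+,\s+(\d+) bytes", line)
        if m:
            current[m.group(1) + "_bytes"] = int(m.group(2))
            continue
        m = re.match(r"(local|remote)\s+(.+)$", line)
        if m:
            # Selector lines may list several networks separated by spaces.
            current[m.group(1)].extend(m.group(2).split())
    return children


def check_phase2(status: str, expected: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """For each expected (local, remote) selector pair, classify it as ok
    (installed and carrying traffic), idle (installed but nothing sent into it,
    which points at routing/firewall on the sending side) or missing (no Phase 2
    negotiated at all, which points at mismatched Phase 2 settings)."""
    children = parse_child_sas(status)
    report: Dict[str, List[str]] = {"ok": [], "idle": [], "missing": []}
    for local, remote in expected:
        label = f"{local} <-> {remote}"
        matches = [c for c in children if local in c["local"] and remote in c["remote"]]
        if not matches:
            report["missing"].append(label)
        elif all(c["out_bytes"] == 0 for c in matches):
            report["idle"].append(label)
        else:
            report["ok"].append(label)
    return report


# Expected Phase 2 pairs for the thread's topology. The pf2 <-> pf3 pair is a
# deliberate extra: no such tunnel exists in the thread, so it should be reported missing.
EXPECTED = [
    ("10.10.10.0/24", "10.10.20.0/24"),  # pf1 <-> pf2
    ("10.10.10.0/24", "10.10.12.0/24"),  # pf1 <-> pf3
    ("10.10.20.0/24", "10.10.12.0/24"),  # pf2 <-> pf3 (hypothetical)
]

if __name__ == "__main__":
    for state, pairs in check_phase2(SAMPLE_STATUS, EXPECTED).items():
        for pair in pairs:
            print(f"{state:8} {pair}")
```

On a real box, feed it the output of `swanctl --list-sas` instead of `SAMPLE_STATUS`. The three buckets map to three different places to look: a missing pair means the two ends never agreed on Phase 2 selectors or proposals; an idle pair with an installed SA and zero outbound bytes means the local box is not steering packets into the tunnel (firewall rules on the LAN interface, a competing static route, or NAT ahead of IPsec), and a pair with outbound but no inbound bytes means the far side is not returning traffic.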



  • Not resolved, so adopted another solution for the 2nd tunnel.

