Netgate Discussion Forum

    IPSec and RIP

      accesscapital

      Hi all,

      I'm beginning to have doubts about whether what I'm trying to do will actually work or not, so I figured I'd run it past you all.

      I've got a couple of pfsense boxes scattered around and running IPSec tunnels for me. They've been great, very stable and nice to configure.

      Anyway, I'm trying to get a pfsense box to advertise its IPSec tunnels over the local LAN via RIPv2. If I have a box that's 10.0.0.1 on my LAN and it brings up a tunnel to a remote network using 192.168.1.x, I'd like 10.0.0.1 to advertise to the other routers on the 10.0.0.x that it knows how to find 192.168.1.x.

      At the moment I think I've got it set up correctly, but the pfsense box isn't sending any RIP advertisements. Part of the problem might be that when I run a netstat -rn on the box while the tunnel is up, there's no route shown for the network at the other end of the tunnel. The traffic still gets there fine, it's just not listed in the local routing table.

      Any thoughts? Am I attempting the impossible?

      Cheers,

      Ryan

        accesscapital

        I've been playing with this again today, and discovered that I must have broken something last time.

        I'm now seeing RIPv2 advertise packets when I sniff, but they don't contain any reference to the IP range at the other end of my IPSec tunnel.

        Here's an example packet, decoded by Wireshark.

        No.    Time        Source                Destination          Protocol Info
              7 180.006426  10.0.1.250            224.0.0.9            RIPv2    Response

        Frame 7 (106 bytes on wire, 106 bytes captured)
            Arrival Time: Oct 29, 2008 16:43:18.834316000
