IPSec -> How to push multiple routes?

mxc · Jan 14, 2017, 10:40 AM

Hi there,

I have set up IPSEC and can connect from my Ubuntu laptops using the strongswan network-manager plugin. We have several networks on the pfsense box and would like to route to the lan and the dmz network. How can we enable automatic routing of dmz traffic on the client/? Lan is 192.168.40.0/24 DMZ 192.168.50.0. Should this just occurr naturally when the option "Provide a list of accessible networks to clients" is checked under "Mobile Clients"?

Should I make changes on the server or the client?

thanks

mxc · Jan 14, 2017, 12:22 PM

Ok figured it out -> I just needed to add another phase 2 setting for the DMZ on the IPSEC configuration page. Hope this helps someone else. Probably obvious to others.

awair · Jan 21, 2017, 12:05 PM

Is this Site-to-Site? or mobile client?

Also did you add any firewall rules?

Finally, is it necessary to stop/restart IPsec service?

Sounds like it could be similar to my situation, but I'm using Site-to-Site.

Many thanks

awair · Jan 21, 2017, 4:58 PM

To answer (some of) my own questions:

I chose a reboot https://forum.pfsense.org/index.php?topic=124304.0