Netgate Discussion Forum

    Site to Site setup with more than one external IP address

      KDog

      Hello all,

      I am trying to set up another site-to-site IPsec channel (I already have several IPsec channels up and running with no problems, using my main IP1 external IP). The Internet connections at both sites have more than one external IP address, as well as the main IP address (which all external traffic uses except for those with one-to-one NAT rules for a few servers etc).

      I want to set up the new channel to use one of the other external IP addresses (IP2), not the main one (IP1).
      I have set up the pfSense side using the external IP address I want (say IP2) as the Local ID, and this shows up under status with no problems; however, the Local IP under status is still IP1 (not IP2), and traffic is showing up on the other site as IP1 (not IP2).

      The only gateway I have is the one assigned through the PPPoE connection. Do I need to add IP2 as a gateway? If so, how do I assign it to this IPsec channel only? Or do I use a route? No idea what to do here to get the IPsec traffic out of IP2.

      Any help appreciated.

        Derelict LAYER 8 Netgate

        You should be able to select a specific VIP in the Interface pulldown in the Phase 1.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          KDog

          Thank you.

          Ok, I created a VIP alias and the label IP and the connection starts with the correct IP addresses.

          However, in the IPsec logs I receive the following error.

          "06[NET] <con2000|506>sending packet: from VIP[500] to site2-IP[500] (400 bytes)"
          "03[NET] error writing to socket: Can't assign requested address"

          And the packets don't show up at the second site (which is expected if the error description is accurate).

          Any idea what I haven't configured correctly?

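The "Can't assign requested address" text in the log above is the operating system's message for the EADDRNOTAVAIL error, which the kernel returns when a socket is asked to use a local address that is not configured on any interface of that host. The following diagnostic is an added example, not part of the thread or of pfSense; it assumes Python 3 is available on the host being checked, and the addresses in it are constructed samples.

```python
import errno
import ipaddress
import socket


def check_source_address(ip, port=0):
    """Try to bind a UDP socket to `ip`.

    Returns (ok, errno_name, os_message). Port 0 asks for an ephemeral
    port, so the check needs no root and does not collide with an IKE
    daemon already listening on UDP 500.
    """
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    family = socket.AF_INET6 if addr.version == 6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        try:
            sock.bind((str(addr), port))
        except OSError as exc:
            name = errno.errorcode.get(exc.errno, str(exc.errno))
            return (False, name, exc.strerror)
    return (True, None, None)


def classify(result):
    """Map a check_source_address() result to a short verdict."""
    ok, name, _ = result
    if ok:
        return "assigned"
    if name == "EADDRNOTAVAIL":
        # Same condition as the log line: the address is not on this host.
        return "not-assigned"
    return "other-error"


if __name__ == "__main__":
    # Constructed samples: loopback is always local; 192.0.2.10 is a
    # documentation-range address standing in for an unassigned VIP.
    for candidate in ("127.0.0.1", "192.0.2.10"):
        result = check_source_address(candidate)
        print(candidate, classify(result), result[2] or "")
```

Run on the host that terminates the tunnel, with the intended source address in place of the samples, a "not-assigned" verdict means the operating system does not hold that address on any interface.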
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.