Phase 2 question
I'm new to pfSense and I'm doing an IPsec site-to-site VPN. Latest version.
site 1 :
site 2 :
Do I have to create a phase 2 for every subnet (kind of a full mesh)?
A to D
A to E
B to D
B to E
C to D
C to E
D to A
D to B
D to C
E to A
E to B
E to C
I hope not… that's a lot of configuration when you have a lot of subnets.
BTW, I can't do CIDR in that case...
andipandi last edited by
This should work nicely with Alias.
Just go to Firewall->Alias and add the subnets to an alias, and use that in IPsec rules.
I have not tried that there yet, but I use it in other places for similar rules ("complicated" networks).
Yeah, looks like a very good idea, but it seems we can't use aliases in the IPsec configuration.
:'( :'( :'(
No one has an idea on how to do it?
Aliases won't work there. You will either have to make each combination of P2 or, if the subnets are next to each other and line up nicely, summarize them with a larger mask.
If you can provide some more detail about the networks (even just the last 2-3 octets), perhaps we can offer some suggestions about how to craft the P2s.
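The summarization suggested in the last reply, as an added example that is not part of the original thread: it merges subnets that are adjacent and aligned, lists the resulting phase 2 local/remote pairs, and reports how many unintended addresses a single larger mask would pull into the tunnel's traffic selector. The subnets and function names are constructed for illustration, since the thread does not give the real networks.

```python
import ipaddress
from itertools import product

def summarize(subnets):
    """Merge subnets that are adjacent and aligned; never widens coverage."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return list(ipaddress.collapse_addresses(nets))

def covering_supernet(subnets):
    """Smallest single network containing every subnet, plus the number of
    addresses it covers that the original subnets do not."""
    nets = summarize(subnets)
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()
    extra = cover.num_addresses - sum(n.num_addresses for n in nets)
    return cover, extra

def phase2_pairs(local, remote):
    """One phase 2 entry per (local, remote) pair after exact summarization."""
    return [(str(l), str(r))
            for l, r in product(summarize(local), summarize(remote))]

# Constructed sample networks (assumption, not from the thread).
SITE1 = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24"]   # A, B, C
SITE2 = ["10.2.4.0/24", "10.2.5.0/24"]                  # D, E

if __name__ == "__main__":
    print("P2 entries without summarizing:", len(SITE1) * len(SITE2))
    for local, remote in phase2_pairs(SITE1, SITE2):
        print("P2:", local, "<->", remote)
    for name, site in (("site 1", SITE1), ("site 2", SITE2)):
        cover, extra = covering_supernet(site)
        print(f"{name}: one mask {cover} adds {extra} unlisted addresses")
```

A non-zero count of unlisted addresses means the single larger mask would let traffic for networks outside the intended set match the tunnel, so firewall rules on the IPsec interface would need to restrict it.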