Phase 2 question
-
Hi,
I'm new to pfsense and I'm doing an ipsec site-to-site vpn. latest version
site 1 :
subnets A,B,C
site 2 :
subnets D,Edo I have to create a phase 2 for every subnets (kind of a full mesh) ?
example :
site 1
A to D
A to E
B to D
B to E
C to D
C to Esite 2
D to A
D to B
D to C
E to A
E to B
E to CI hope not…that's a lot of configuration when you have a lot of subnets
BTW, I can't do CIDR in that case...
thanks !
-
This should work nicely with Alias.
Just go to Firewall->Alias and add the subnets to an alias, and use that in IPSEC rules.
I have not tried that there yet, but use it at other places for similar rules ("complicated" networks).
-
yeah looks like a very good idea but it seems we can't use alias in ipsec configuration
:'( :'( :'(
-
no one has an idea on how to do it ?
-
Aliases won't work there. You will either have to make each combination of P2 or, if the subnets are next to each other and line up nicely, summarize them with a larger mask.
If you can provide some more detail about the networks (even just the last 2-3 octets), perhaps we can offer some suggestions about how to craft the P2s
