Phase 2 question



  • Hi,

    I'm new to pfsense and I'm doing an ipsec site-to-site vpn. latest version

    site 1 :

    subnets A,B,C

    site 2 :
    subnets D,E

    do I have to create  a phase 2 for every subnets (kind of a full mesh) ?

    example :

    site 1
    A to D
    A to E
    B to D
    B to E
    C to D
    C to E

    site 2
    D to A
    D to B
    D to C
    E to A
    E to B
    E to C

    I hope not…that's a lot of configuration when you have a lot of subnets

    BTW, I can't do CIDR in that case...

    thanks !



  • This should work nicely with Alias.

    Just go to Firewall->Alias and add the subnets to an alias, and use that in IPSEC rules.

    I have not tried that there yet, but use it at other places for similar rules ("complicated" networks).



  • yeah looks like a very good idea but it seems we can't use alias in ipsec configuration

    :'( :'( :'(



  • no one has an idea on how to do it ?


  • Rebel Alliance Developer Netgate

    Aliases won't work there. You will either have to make each combination of P2 or, if the subnets are next to each other and line up nicely, summarize them with a larger mask.

    If you can provide some more detail about the networks (even just the last 2-3 octets), perhaps we can offer some suggestions about how to craft the P2s