IPSec routing question
-
I have 5 pfSense boxes:
Main Office: 172.16.180.0 / 24 (this is the pfSense box configured to accept IPSec mobile clients)
Remote Site 1: 172.31.0.0 / 24
Remote Site 2: 172.31.1.0 / 24
Remote Site 3: 172.31.2.0 / 24
Remote Site 4: 172.31.3.0 / 24
I have the boxes establishing the tunnels just fine. Now, there are several other subnets available through the default gateway at the main office. How would I allow these remote sites access to these subnets (172.16.0.0 / 24, 172.16.1.0 / 24, 10.30.0.0 / 16, etc.)?
-
I think normally you can't do that with routing inside pfSense. But it should be possible if you use other subnet masks. In your case (because of the 172.16.180.0) you should use the full 172.16.X.X - 172.31.X.X range in the IPsec settings of all pfSense boxes!
-
On a static route that you add for routing traffic to those subnets, use a /20 mask.
This will route the range 172.31.0.1 - 172.31.15.254.
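The mask arithmetic discussed in the replies, as an added example that is not part of any poster's message: it uses Python's `ipaddress` module to check which of the thread's subnets a single summary block covers and how many addresses that block admits beyond the ones actually needed. The function names are illustrative assumptions; the subnets are the ones quoted in the thread.

```python
import ipaddress

# Subnets taken from the thread (IPv4 only).
MAIN_OFFICE = ipaddress.ip_network("172.16.180.0/24")
REMOTE_SITES = [ipaddress.ip_network(f"172.31.{i}.0/24") for i in range(4)]
BEHIND_MAIN = [ipaddress.ip_network(n) for n in
               ("172.16.0.0/24", "172.16.1.0/24", "10.30.0.0/16")]


def smallest_supernet(nets):
    """Return the tightest single CIDR block that contains every network."""
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen the mask by one bit
    return candidate


def split_coverage(selector, nets):
    """Partition nets into (covered, missed) for one summary block."""
    covered = [n for n in nets if n.subnet_of(selector)]
    missed = [n for n in nets if not n.subnet_of(selector)]
    return covered, missed


def host_range(net):
    """First and last usable host address of a network."""
    return net[1], net[-2]


def excess_addresses(selector, nets):
    """Addresses the block admits beyond the networks that are needed."""
    needed = sum(n.num_addresses for n in ipaddress.collapse_addresses(
        n for n in nets if n.subnet_of(selector)))
    return selector.num_addresses - needed


if __name__ == "__main__":
    slash20 = ipaddress.ip_network("172.31.0.0/20")
    slash12 = ipaddress.ip_network("172.16.0.0/12")  # 172.16.X.X - 172.31.X.X
    print("tightest block for remote sites:", smallest_supernet(REMOTE_SITES))
    print("/20 host range:", *host_range(slash20))
    covered, missed = split_coverage(
        slash12, [MAIN_OFFICE] + BEHIND_MAIN + REMOTE_SITES)
    print("/12 misses:", missed)
    print("/20 excess addresses:", excess_addresses(slash20, REMOTE_SITES))
```

Any subnet reported as missed needs its own entry, and the excess count shows how much address space a wide mask admits beyond the four remote sites.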