Netgate Discussion Forum
    IPSEC single host Phase 2

    IPsec

      netnewb

      Hi,

      I don't have experience with IPSEC. Here's the short version: a host on Site A can connect to the LAN subnet on Site B, even though there's no Phase 2 entry for it.

      I have 2 x SG-2220 running pfSense version 2.3.4 and I'm trying to make an IPSEC connection between them. They are on different public IPs.

      Simplified network diagram:

      Site A LAN subnet: 192.168.1.0/24
      Site B LAN subnet: 192.168.2.0/24

      NAS on site A: 192.168.1.1
      NAS on site B: 192.168.2.1

      I want to connect some laptops from the 2 different sites to the 2 NAS boxes, but I don't want other network devices to communicate through the IPSEC tunnel. I know I can make rules for that, but I want to understand how this works.

      Phase 1 seems to work properly and I've set up P2 like this:

      Site A:
      Local Subnet      Remote Subnet
      LAN               192.168.2.1
      192.168.1.1       192.168.2.0/24

      Site B:
      Local Subnet      Remote Subnet
      LAN               192.168.1.1
      192.168.2.1       192.168.1.0/24

      Now all I'd have to do is create firewall rules to allow incoming traffic from different hosts to the NAS.

      During setup, I created a firewall rule on site B to allow traffic from 192.168.1.2 (a laptop) to any.

      I can access any host on site B from 192.168.1.2, for example from 192.168.1.2 to 192.168.2.10.

      Is this normal?

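Added example, not code from the post or from pfSense: a small Python model of how Phase 2 traffic selectors are matched, applied to the Site A entries above. It assumes "LAN" expands to Site A's 192.168.1.0/24 and that a bare host address means a /32 (pfSense's "Address" type). It shows which of the flows in the question fall inside a configured selector and which do not, which is the expectation the observed behaviour should be compared against.

```python
# Added example (not from the forum post): model of IPsec Phase 2 traffic-selector
# matching for the Site A entries in the question.
import ipaddress
from typing import List, Optional, Tuple

Selector = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Network]


def parse_phase2(entries: List[Tuple[str, str]], lan: str) -> List[Selector]:
    """Turn (local, remote) strings as typed in the GUI into network pairs.

    Assumption: "LAN" expands to the site's LAN subnet, and a bare host address
    is treated as a /32 (pfSense's "Address" selector type).
    """
    selectors = []
    for local, remote in entries:
        local = lan if local == "LAN" else local
        selectors.append((ipaddress.ip_network(local, strict=False),
                          ipaddress.ip_network(remote, strict=False)))
    return selectors


def matching_selector(selectors: List[Selector], src: str, dst: str) -> Optional[Selector]:
    """Return the first (local, remote) selector covering src -> dst, or None.

    Traffic leaving the site must have src inside 'local' and dst inside 'remote'.
    A flow outside every selector has no child SA to carry it and should not
    traverse the tunnel; return traffic is matched with the pair swapped.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in selectors:
        if s in local and d in remote:
            return (local, remote)
    return None


# The two Phase 2 entries configured on Site A in the question.
SITE_A_P2 = parse_phase2([("LAN", "192.168.2.1"),
                          ("192.168.1.1", "192.168.2.0/24")], lan="192.168.1.0/24")

if __name__ == "__main__":
    flows = [("192.168.1.2", "192.168.2.1"),    # laptop -> Site B NAS: covered
             ("192.168.1.1", "192.168.2.10"),   # Site A NAS -> any Site B host: covered
             ("192.168.1.2", "192.168.2.10")]   # laptop -> other Site B host: not covered
    for src, dst in flows:
        print(f"{src} -> {dst}: {matching_selector(SITE_A_P2, src, dst)}")
```

The last flow is the one the poster observed working; under the selectors as written it matches nothing, so comparing this expectation with the SAs actually negotiated (for example with `swanctl --list-sas` or the pfSense IPsec status page) is the next check.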
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.