Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    MULTI IPSEC CONNECTION / PFSENSE A - B - C

    Scheduled Pinned Locked Moved IPsec
    10 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      GoldenShark
      last edited by

      Hello all,

      I have 4 different branches 4 different WAN 4 different IPSEC Configuration within PFSENSE.

      But When I try to connect to Open VPN Client, I only see the network what I am connected to

      What I mean ;

      I connected with openvpn to PfsenseA but i only see PFsenseA - Lan Network ( cant see PfSense B - C -D Lan nets ) so , I want to see the all network "IP SEC Configurations" when I connect to the X PFSense via OpenVPN

      is there any solution to this opinion?

      Thanks so much.

      1 Reply Last reply Reply Quote 0
      • G
        GoldenShark
        last edited by

        No,  what I mean,

        I've already configured IPSec for 4 different branches and I've connected one to another.
        ,
        But, I can ping only this network what I connected. I can not ping other PFSense Lan Networks

        BUT!! PFSense's are configured already to other branches

        Like :

        PFSENSE A ;
        IPSEC CONFIGURES
        TO B
        TO C
        TO D

        PFSENSE B :
        TO A
        TO C
        TO D

        etc.

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          You probably have to add the OpenVPN tunnel/remote networks as phase 2 networks on all the IPsec nodes so they know to send traffic for that network over the tunnel.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • G
            GoldenShark
            last edited by

            @Derelict:

            You probably have to add the OpenVPN tunnel/remote networks as phase 2 networks on all the IPsec nodes so they know to send traffic for that network over the tunnel.

            unfortunately there is no option about IPSEC or OPENVPN LAN Network to add tunnels phase's.

            here the picture : http://prntscr.com/g3czr1

            Can you connect to my computer with team viewer if you have free time for me ?

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              So you add a Network type with the proper OpenVPN tunnel network to both sides.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • G
                GoldenShark
                last edited by

                @Derelict:

                So you add a Network type with the proper OpenVPN tunnel network to both sides.

                I could not find the thing what you mentioned.

                Do you have any picture or topic ?

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Select Network there and put the OpenVPN tunnel in the network fields

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • G
                    GoldenShark
                    last edited by

                    @Derelict:

                    Select Network there and put the OpenVPN tunnel in the network fields

                    I still couldn't find what you say from VPN Settings.

                    Do you have any pictures or details?

                    Please.. it's really urgently for me last one week my all works are stopped because of this issue..

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      If your OpenVPN Tunnel network is 192.168.100.0/24, do something like this substituting the proper remote network, of course.

                      That will need the reciprocal settings on the other side.

                      ![Screen Shot 2017-08-03 at 11.02.09 AM.png](/public/imported_attachments/1/Screen Shot 2017-08-03 at 11.02.09 AM.png)
                      ![Screen Shot 2017-08-03 at 11.02.09 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-08-03 at 11.02.09 AM.png_thumb)

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • G
                        GoldenShark
                        last edited by

                        @Derelict:

                        If your OpenVPN Tunnel network is 192.168.100.0/24, do something like this substituting the proper remote network, of course.

                        That will need the reciprocal settings on the other side.

                        You`re totaly right

                        I just added my open pn tunnel network to ipsec phase 2

                        It works !

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.