Accessing one IPSec endpoint from another?



  • Not sure if this is IPSec or routing, but I suspect more routing than IPSec, so I'm giving it a whirl here. I'm a generalist more than a network guy, so I'm not a star when it comes to more advanced networking topics. Anyway…

    The main office has a pfSense install. A branch office has another, and an IPSec VPN (the "normal" /24 network IPSec VPN setup). There is also a third party that has a /24 VPN to the main office, same deal.

    The third party needs to access a device in the main office via the VPN and that works, very straightforward.

    However, now the same third party would have a need to access a similar device in the branch office, which is behind another IPSec VPN hop, and obviously just specifying an IP to connect to won't get the job done.

    So can I do something with routes or whatnot on the main office pfSense so that the third party can just connect to an IP in the branch office? I have full control of the main and branch pfSenses, but not the third party firewall at all, though I suppose I could request changes there if need be.

    I.e., to sum up: the main office network is 192.168.44.0/24 and the branch is 192.168.45.0/24; the third party is currently connecting to 192.168.44.120 successfully over the IPSec VPN but needs to connect to 192.168.45.120 as well, without setting up a second direct VPN to the pfSense in the branch office.

    Any pointers? Or is this somehow inherently not doable? Thanks.

