Route IPSEC



  • I have 2 IPsec VPNs in my pfSense. How do I route these VPNs so that one sees the other?


  • Rebel Alliance Developer Netgate

    IPsec tunnels don't "route"¹, they use Phase 2 definitions to set up Security Associations that define which traffic will be able to cross each tunnel.

    So you need to add Phase 2 entries to both ends of every tunnel to match every combination of traffic you hope to send across the tunnel. So if you have tunnels A-B and A-C, you need Phase 2 entries on A-B to pass traffic from B-C and on A-C to pass C-B and vice versa.

    ¹ well, until 2.4.4 and they have to support VTI
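
The Phase 2 combinations described in the reply above, enumerated for the A-B / A-C case and generalized to any number of spokes. This is an added example, not part of the original thread or pfSense code; the subnets, the `phase2_plan` helper and the `include_hub_lan` option are assumptions made for illustration.

```python
import ipaddress

# Constructed sample topology (not from the thread): hub A terminates
# tunnels A-B and A-C; each site has one LAN.
HUB = ("A", "10.0.1.0/24")
SPOKES = {"B": "10.0.2.0/24", "C": "10.0.3.0/24"}


def phase2_plan(hub, spokes, include_hub_lan=True):
    """Map (tunnel, end) -> list of (local, remote) Phase 2 networks."""
    hub_name, hub_net = hub
    nets = {hub_name: ipaddress.ip_network(hub_net)}
    nets.update({s: ipaddress.ip_network(n) for s, n in spokes.items()})
    # Overlapping LANs make the traffic selectors ambiguous; refuse early.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} and {b} overlap: {nets[a]} / {nets[b]}")
    plan = {}
    for spoke in spokes:
        tunnel = f"{hub_name}-{spoke}"
        # Everything this spoke reaches through the tunnel: the other
        # spokes' LANs and, optionally, the hub's own LAN.
        via_hub = [hub_name] if include_hub_lan else []
        via_hub += [s for s in spokes if s != spoke]
        plan[(tunnel, hub_name)] = [(str(nets[v]), str(nets[spoke])) for v in via_hub]
        # The spoke end is the mirror image; both ends must agree on each pair.
        plan[(tunnel, spoke)] = [(str(nets[spoke]), str(nets[v])) for v in via_hub]
    return plan


if __name__ == "__main__":
    for (tunnel, end), pairs in phase2_plan(HUB, SPOKES).items():
        for local, remote in pairs:
            print(f"tunnel {tunnel}, on {end}: local {local} -> remote {remote}")
```

Each printed line corresponds to one Phase 2 entry to create on the named end of the named tunnel.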