Setup route to servers on the other side of ipsec vpn tunnel

  • Hello,
    I have a Pfsense setup with 2 wan (in carp), so I have:

    First WAN:
    pfs1 wan ip:
    pfs2 wan ip:
    pfs wan vip:

    Second WAN:
    pfs1 wan2 ip:
    pfs2 wan2 ip:
    pfs wan2 vip:

    I have a main vlan: and the address on Pfsense are:
    pfs1 lan ip:
    pfs2 lan ip:
    pfs lan vip:
    In the network, down to the 2 firewalls, there are 2 main switches with L3 routing configured and in hsrp:
    swi1 ip:
    swi2 ip:
    swi vip:
    There is a route like this:
    Now I have a second vlan that I need that route on a second wan and also communicate with the main vlan; as for the first, there is an hsrp configuration on the switch:
    swi1 vlan7:
    swi2 vlan7:
    swi vip:

    My customer asked to create an ipsec vpn and I have done it, I can see the tunnel up, but I have an issue creating a route to ping the servers on the customer site. In phase 2, I set:

    Local Subnet:
    Remote Subnet: and

    Now, on my switches I have no network for and sincerely I don't know how to setup the route to ping the addresses on Remote Subnet: how to proceed?

    I have other 2 vpn but they have the main subnet ( as Local Subnet so I haven't encountered any issue with routing.


  • Hello,

    a thing that I have found on another forum is to create another P2 phase and insert as local network my main vlan ( and as remote network the address used as local in the other phase P2, i.e.; the tunnel starts but I can't ping the address and

    Any other suggestion about, for example, the rules to use?

  • Other little step was to create on switches the network and then a virtual machine with ip with this I can ping the servers on the other side.
    To do this I also created a static route like in the image:


    so the network has as gateway

    Then I opened a rule on LAN interface versus like in the image:

    After this I can ping from to and

    How to communicate from LAN network to and is it possible to set a route? Where?

    Please if you have any idea let me know.
