Second phase 2 entry not working on mobile IPSec tunnel



  • Hello all. I followed this document to set up a mobile IPSec tunnel. https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev1-xauth.html

    Everything works as expected with the single phase 2 entry for the LAN subnet (192.168.1.0/24). When I added a second phase 2 entry for LAN2 (192.168.2.0/24), nothing seems to change on my client. I can still get to LAN, but not LAN2. The second phase 2 entry is just a copy of the first with the "local network" changed. My firewall rule for the IPSec zone is set to allow all traffic.

    Is there something I am missing? In the doc, "Add additional phase 2 entries for additional local networks if necessary" made it seem like all I needed to do was add the second entry and everything else should stay the same.

