IPSEC between 3 sites with no direct tunnel from A to C



  • I need some help to shed some light on IPsec tunneling. Here I will explain my current setup.

    Site A <-------IPSEC------> Site B (HUB) <------IPSEC------> Site C
    192.168.10.1/24             192.168.20.1/24                  192.168.30.1/24

    Tunneling from Site A to Site B and from Site B to Site C is working fine. However, Site A is not able to reach Site C directly, and vice versa. I also want Site A to carry Site B's LAN IP to communicate with Site C.

    On Site A the phase 2 entry: Local: LAN Subnet | NAT/BINAT: None | Remote: Network (192.168.20.1/24)

    On Site C the phase 2 entry: Local: LAN Subnet | NAT/BINAT: None | Remote: Network (192.168.20.1/24)

    On Site B there are 2 IPSec Tunnels:

    Site A Phase 2 entry: Local: LAN Subnet | NAT/BINAT: None | Remote: Network (192.168.10.1/24)

    Site C Phase 2 entry: Local: LAN Subnet | NAT/BINAT: None | Remote: Network (192.168.30.1/24)

    Kindly let me know if you require any other information. Thank you in advance.
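    The Phase 2 entries above are traffic selectors: in policy-based IPsec, a packet only enters a tunnel when its source and destination fall inside a local/remote selector pair, and the receiving peer discards it unless a matching pair exists on its side too. The following Python model (an added example, not code from the thread or from pfSense) rebuilds the selectors exactly as posted, reading "192.168.x.1/24" as the 192.168.x.0/24 network, and traces a packet from site to site to show why A-to-C traffic matches nothing at A. It then adds an assumed hub-and-spoke selector set (each spoke gets a pair for the other spoke's LAN, and the hub carries that pair on both tunnels) to show which selectors would have to exist for the hub to relay; that set is an illustration of the selector logic, not the thread's confirmed fix, and says nothing about the firewall rules or NAT a real deployment would also need.

    ```python
    """Model policy-based IPsec traffic selectors (pfSense Phase 2 entries) for a
    hub-and-spoke layout.  Added example: SPD_AS_POSTED is reconstructed from the
    thread; SPD_HUB_AND_SPOKE is an assumed selector set for comparison."""
    from dataclasses import dataclass
    from ipaddress import ip_address, ip_network


    @dataclass(frozen=True)
    class Phase2:
        peer: str    # which tunnel (remote site) this entry belongs to
        local: str   # local traffic selector
        remote: str  # remote traffic selector


    # LAN behind each site; "LAN Subnet" in the thread expands to these networks.
    LAN = {"A": "192.168.10.0/24", "B": "192.168.20.0/24", "C": "192.168.30.0/24"}

    # Phase 2 entries as described in the question (constructed from the text).
    SPD_AS_POSTED = {
        "A": [Phase2("B", LAN["A"], LAN["B"])],
        "B": [Phase2("A", LAN["B"], LAN["A"]), Phase2("C", LAN["B"], LAN["C"])],
        "C": [Phase2("B", LAN["C"], LAN["B"])],
    }

    # Assumed hub-and-spoke set: each spoke adds a selector pair for the other
    # spoke's LAN, and the hub carries the spoke-to-spoke pair on both tunnels.
    SPD_HUB_AND_SPOKE = {
        "A": SPD_AS_POSTED["A"] + [Phase2("B", LAN["A"], LAN["C"])],
        "B": SPD_AS_POSTED["B"] + [Phase2("A", LAN["C"], LAN["A"]),
                                   Phase2("C", LAN["A"], LAN["C"])],
        "C": SPD_AS_POSTED["C"] + [Phase2("B", LAN["C"], LAN["A"])],
    }


    def _in(addr, net):
        return ip_address(addr) in ip_network(net)


    def outbound_peer(spd, site, src, dst):
        """Return the peer whose selector pair matches src->dst leaving `site`."""
        for p2 in spd[site]:
            if _in(src, p2.local) and _in(dst, p2.remote):
                return p2.peer
        return None


    def inbound_accepted(spd, site, from_peer, src, dst):
        """A packet arriving through the tunnel from `from_peer` must match an entry
        whose remote selector covers src and local selector covers dst; otherwise
        IPsec discards it as not matching the SA's policy."""
        return any(p2.peer == from_peer and _in(src, p2.remote) and _in(dst, p2.local)
                   for p2 in spd[site])


    def trace(spd, src, dst, max_hops=4):
        """Walk the packet from the site owning `src` until it reaches the site
        owning `dst`.  Returns (path, reason): 'delivered' or why it stopped."""
        site = next(s for s, net in LAN.items() if _in(src, net))
        path = [site]
        for _ in range(max_hops):
            if _in(dst, LAN[site]):
                return path, "delivered"
            peer = outbound_peer(spd, site, src, dst)
            if peer is None:
                return path, f"no Phase 2 selector at {site} covers {src}->{dst}"
            if not inbound_accepted(spd, peer, site, src, dst):
                return path, f"{peer} discards packet from {site}: no matching inbound selector"
            path.append(peer)
            site = peer
        return path, "hop limit reached"


    if __name__ == "__main__":
        flows = [("192.168.10.50", "192.168.20.50"),   # A -> B (works as posted)
                 ("192.168.10.50", "192.168.30.50"),   # A -> C (fails as posted)
                 ("192.168.30.50", "192.168.10.50")]   # C -> A (fails as posted)
        for name, spd in (("as posted", SPD_AS_POSTED), ("hub-and-spoke", SPD_HUB_AND_SPOKE)):
            for src, dst in flows:
                path, reason = trace(spd, src, dst)
                print(f"[{name}] {src} -> {dst}: {' -> '.join(path)} ({reason})")
    ```

    Run it and the "as posted" A-to-C flow stops at A with no matching selector, which is the symptom in the question; with the extra selector pairs the same flow is relayed A -> B -> C, and the reverse flow C -> B -> A. The model also makes the hub's role visible: B needs the 192.168.10.0/24 <-> 192.168.30.0/24 pair on both its tunnels, one facing each spoke, or it will discard the packet on arrival or fail to re-encapsulate it on the way out.
    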



  • I would think at a minimum you would need to enter some routing rules in sites A & C. In site A, route traffic for 192.168.30.0 to site B. On site C do the opposite.



  • Also see this post, it is very similar to what you're trying to do and the OP lays out his solution nicely.
    https://forum.netgate.com/topic/143368/route-traffic-between-two-ipsec-tunnels/6

