Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    multi Phase 2 with vti IPsec and tunnel for Site-to-Site IPsec for Internet Traffic

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 208 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      seitle
      last edited by

      Hello

      I have the following setup:
      pfSense site A
      WAN 123.123.123.1
      LAN 192.168.1.0/24
      DMZ 192.168.2.0/24

      pfSense site B
      WAN 123.123.123.10 (and virtual IP 123.123.123.11)
      LAN 192.168.10.0/24

      I have a routed vti IPsec tunnel between site A and site B with static routes for 192.168.1.0/24 and 192.168.10.0/24 which is working fine.

      Now i wanted to add a site-to-site tunnel for the DMZ on site A and the pfSense on Site B. The internet traffic should be routed thourgh the ipsec tunnel.
      I followed the following tutorial:
      https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routing-internet-traffic-through-a-site-to-site-ipsec-vpn.html

      For this scenario i added a second phase 2 entry:
      e0acba58-0f26-4af8-b5d0-41f2698cc60e-grafik.png

      Everything is also configured on the other side.
      The traffic from 192.168.2.0/24 to the internet always uses the gateway on site A, but i want it to be tunneld through the IPsec tunnel to site B. After some time everything breaks and nothing works anymore.

      It seems that 192.168.2.0/24 used the routed vti interface.

      Is there something wrong in my configuration?

      Thank you.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.