multi Phase 2 with vti IPsec and tunnel for Site-to-Site IPsec for Internet Traffic
seitle last edited by
I have the following setup:
pfSense site A
pfSense site B
WAN 184.108.40.206 (and virtual IP 220.127.116.11)
I have a routed vti IPsec tunnel between site A and site B with static routes for 192.168.1.0/24 and 192.168.10.0/24 which is working fine.
Now i wanted to add a site-to-site tunnel for the DMZ on site A and the pfSense on Site B. The internet traffic should be routed thourgh the ipsec tunnel.
I followed the following tutorial:
For this scenario i added a second phase 2 entry:
Everything is also configured on the other side.
The traffic from 192.168.2.0/24 to the internet always uses the gateway on site A, but i want it to be tunneld through the IPsec tunnel to site B. After some time everything breaks and nothing works anymore.
It seems that 192.168.2.0/24 used the routed vti interface.
Is there something wrong in my configuration?