Netgate Discussion Forum

    IPSec Mobile to another network IPSEC

      Yazur

      Good morning, sir,

      Here is the network diagram of my infrastructure:

      network.png

      Network 1 --> Network 2 OK
      Network 1 --> Network 3 NO
      Network 2 --> Network 3 OK

      Network 2 --> Network 1 OK
      Network 3 --> Network 1 NO
      Network 3 --> Network 2 OK

      Is it possible to create a phase 2 that mentions access to Network 1 through the normal IPSec tunnel?

      Network 3 = Mobile, created by the pfSense of Network 2

        lfoerster

        Yes, it's possible.
        You need to keep an eye on the IP networks you provide to the mobile clients.
        Check here for further details:
        Mobile Config
        and Site to site Tunnel:
        S2S with multiple Networks
        Unfortunately in German but Google Translator is your friend here.

          Yazur

          @lfoerster

          Network 1 = 192.168.26.0/24
          Network 2 = 172.16.26.0/24
          Network 3 = 172.16.30.0/24

          I can change the network 3 address range but it might be complicated for the others.

          The method presented in the link you sent me is impossible with such different network addresses, right? "192 and 172"

          I checked with network captures: the pfSense of network 2 receives the ping going to network 1 but does not send it back into the IPsec tunnel, so it does not arrive at its destination.

          I think I need NAT or a route that says "Source: 172.16.30.0/24; Destination: 192.168.26.0/24; Send in tunnel".

            lfoerster @Yazur

            The guy at administrator.de has posted a full solution to your design:
            Client VPN with 2 networks

              Yazur @lfoerster

              @lfoerster

              Thank you very much, that's perfect.
              Everything works perfectly!
              I still had to do an "f-route" as administrator to make it work.
              As well as a reboot of my "client" machine, of the Ipsec service but also of each tunnel.

              You are an extraordinary person, thank you very much.
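
The symptom described earlier in the thread (the Network 2 pfSense receives the mobile client's ping but does not put it into the site-to-site tunnel) is what policy-based IPsec does when no phase 2 selector pair covers the packet. The following is an added example, not code from the thread or from the linked guide; it models selector matching with the thread's subnets, and the single starting phase 2 entry, the entry names and the host addresses are assumptions, since the thread does not show the actual configuration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Phase2(NamedTuple):
    name: str                       # hypothetical label, not from the thread
    local: ipaddress.IPv4Network    # selector on this gateway's side
    remote: ipaddress.IPv4Network   # selector on the peer's side


def p2(name: str, local: str, remote: str) -> Phase2:
    return Phase2(name, ipaddress.ip_network(local), ipaddress.ip_network(remote))


# Subnets as given in the thread.
NET1 = "192.168.26.0/24"  # site reached through the site-to-site tunnel
NET2 = "172.16.26.0/24"   # LAN behind the pfSense that serves the mobile clients
NET3 = "172.16.30.0/24"   # mobile client pool

# Assumption: the tunnel starts with a single phase 2 (view from the Network 2 pfSense).
BEFORE = [p2("lan-to-net1", NET2, NET1)]
# Assumption: the fix adds a phase 2 for the mobile pool; the peer needs the mirror entry.
AFTER = BEFORE + [p2("mobile-to-net1", NET3, NET1)]


def match_outbound(entries, src: str, dst: str) -> Optional[str]:
    """Name of the first phase 2 whose selectors cover src -> dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in entries:
        if s in e.local and d in e.remote:
            return e.name
    return None  # no policy matches: the packet is not placed in the tunnel


def peer_view(entries):
    """The same entries as the remote gateway must define them (sides swapped)."""
    return [Phase2(e.name, e.remote, e.local) for e in entries]


def uncovered(entries, flows):
    """Flows that no phase 2 entry would carry."""
    return [f for f in flows if match_outbound(entries, *f) is None]


if __name__ == "__main__":
    flows = [("172.16.26.10", "192.168.26.20"), ("172.16.30.5", "192.168.26.20")]  # constructed hosts
    print("before:", uncovered(BEFORE, flows))
    print("after: ", uncovered(AFTER, flows))
    print("reply: ", match_outbound(peer_view(AFTER), "192.168.26.20", "172.16.30.5"))
```

Keeping the added selector as narrow as the mobile pool itself means the tunnel carries only the traffic that is meant to cross it.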

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.