IPSec Mobile to another network IPSEC
-
Good morning, sir,
Here is the network diagram of my infrastructure:
Network 1 --> Network 2 OK
Network 1 --> Network 3 NO
Network 2 --> Network 3 OK
Network 2 --> Network 1 OK
Network 3 --> Network 1 NO
Network 3 --> Network 2 OK
Is it possible to create a phase 2 that mentions access to Network 1 through the normal IPSec tunnel?
Network 3 = Mobile; it is created by the pfSense of network 2
-
Yes, it's possible.
You need to keep an eye on the IP networks you provide to the mobile clients.
Check here for further details:
Mobile Config
and Site to site Tunnel:
S2S with multiple Networks
Unfortunately in German, but Google Translator is your friend here.
-
Network 1 = 192.168.26.0/24
Network 2 = 172.16.26.0/24
Network 3 = 172.16.30.0/24
I can change the network 3 address range but it might be complicated for the others.
The method presented in the link you sent me is impossible with such different network addresses, right? "192 and 172"
I checked with network captures: the pfSense of network 2 receives the ping to go up to network 1 but does not send it back into the IPsec tunnel, so it does not arrive at the destination.
I think I need NAT or a route that says "Source: 172.16.30.0/24; Destination: 192.168.26.0/24; Send in tunnel".
-
The guy at administrator.de has posted a full solution to your design:
Client VPN with 2 networks
-
Thank you very much, that's perfect.
Everything works perfectly!
I still had to do an "f-route" as administrator to make it work.
As well as a reboot of my "client" machine, of the IPsec service but also of each tunnel.
You are an extraordinary person, thank you very much.
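Added example, not part of the thread and not the linked solution: a small model of policy-based IPsec phase 2 selector matching, showing why a packet from the mobile pool to Network 1 is not placed in the site-to-site tunnel until a selector pair covers it on both ends. The subnets come from the thread; the host addresses, the helper names and the extra phase 2 entry (172.16.30.0/24 to 192.168.26.0/24) are assumptions.

```python
from ipaddress import ip_address, ip_network

# Addressing taken from the thread.
NET1 = ip_network("192.168.26.0/24")   # remote site
NET2 = ip_network("172.16.26.0/24")    # pfSense site that hosts the mobile VPN
NET3 = ip_network("172.16.30.0/24")    # mobile client pool

def matching_selector(selectors, src, dst):
    """Return the first (local, remote) phase 2 pair covering src -> dst, else None."""
    s, d = ip_address(src), ip_address(dst)
    for local, remote in selectors:
        if s in local and d in remote:
            return (local, remote)
    return None

def mirrored(selectors):
    """Selectors as the peer has to define them (local and remote swapped)."""
    return [(remote, local) for local, remote in selectors]

def round_trip(site2_sel, site1_sel, src, dst):
    """True only if the request matches on site 2 and the reply matches on site 1."""
    return (matching_selector(site2_sel, src, dst) is not None
            and matching_selector(site1_sel, dst, src) is not None)

# Constructed starting state: the tunnel only carries NET2 <-> NET1.
before_site2 = [(NET2, NET1)]
before_site1 = mirrored(before_site2)

# Assumed change: an additional phase 2 for the mobile pool on both ends.
after_site2 = before_site2 + [(NET3, NET1)]
after_site1 = mirrored(after_site2)

def report():
    client, server = "172.16.30.10", "192.168.26.20"  # constructed hosts
    return {
        "lan_before": round_trip(before_site2, before_site1, "172.16.26.5", server),
        "mobile_before": round_trip(before_site2, before_site1, client, server),
        "mobile_one_sided": round_trip(after_site2, before_site1, client, server),
        "mobile_after": round_trip(after_site2, after_site1, client, server),
    }

if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:18} {'tunnelled' if ok else 'not tunnelled'}")
```

The `mobile_one_sided` case is the one to watch for when testing: the selector added on one firewall only still leaves the reply without a matching phase 2 on the other.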