setup ipsec hub and spokes
-
So I need to set up a hub and 2 spokes, and it currently looks like this:

hub ipsec
p1 hub to site a
-p2: site a lan to site a lan
-p2: site b lan to site a lan
p1 hub to site b
-p2: hub lan to site b vlan
-p2: site a lan to site b vlan

site a ipsec
p1 site a to hub
-p2 site a lan to hub lan
-p2 site a lan to site b vlan

site b ipsec
p1 site b to hub
-p2 site b vlan to hub lan
-p2 site b vlan to site a lan

I can ping from site a to hub and site b to hub, but I can't seem to reach site b from site a. Many resources I've read say this is how ipsec hub and spoke is set up, and I also checked firewall rules to make sure everything is allowed to pass through. At this point I'm not sure what the problem is; could it be because site b is using a vlan?
Thanks in advance!
-
@snease
Double-check your configs; if all is pfsense, check your rules. I know this type of setup works even in non-routed ipsec mode. Maybe sniff out some traffic?
-
Thanks for the response @jgraham5481! After your comment I went on to check the ipsec log, and it turns out site b has an issue with dns and the ipsec tunnel wasn't even established. At least now I can move on to solve the issue, thanks again!
-
Piggybacking off this thread: I have a mobile client ipsec tunnel set up on site a, and I've been trying to figure out a way for that mobile client (subnet 192.168.117.x) to reach site b in that hub and spokes structure. I tried adding a new p2 to the site a -> hub p1 with the local subnet being 192.168.117.x and the remote subnet being the hub subnet. On the hub I added a p2 with local being the hub subnet and remote the 192.168.117.x subnet. So far the mobile client can't connect to the hub. I'm not too experienced with setting up tunnels using ipsec; has anyone had success in setting up a similar network?
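
Added example, not part of any post in this thread: in policy-based (non-routed) IPsec, traffic is tunnelled only when it matches a phase 2 selector pair, and that pair must be mirrored on the peer for every leg of the spoke -> hub -> spoke path. This Python sketch models the layout discussed above and reports which legs lack a covering P2. All subnets except 192.168.117.x are constructed, and the /24 masks and site names are assumptions.

```python
from ipaddress import ip_network as net

# Constructed sample addressing; only 192.168.117.x appears in the thread
# (assumed here to be a /24).
HUB_LAN, A_LAN, B_VLAN, MOBILE = (net(n) for n in (
    "10.0.0.0/24", "10.1.0.0/24", "10.2.20.0/24", "192.168.117.0/24"))

def build(mobile_to_site_b):
    """tunnels[(local_site, remote_site)] = list of P2 (local_net, remote_net)."""
    t = {
        ("hub", "a"): [(HUB_LAN, A_LAN), (B_VLAN, A_LAN), (HUB_LAN, MOBILE)],
        ("hub", "b"): [(HUB_LAN, B_VLAN), (A_LAN, B_VLAN)],
        ("a", "hub"): [(A_LAN, HUB_LAN), (A_LAN, B_VLAN), (MOBILE, HUB_LAN)],
        ("b", "hub"): [(B_VLAN, HUB_LAN), (B_VLAN, A_LAN)],
    }
    if mobile_to_site_b:  # extra P2 on every leg for mobile <-> site b
        t[("a", "hub")].append((MOBILE, B_VLAN))
        t[("hub", "a")].append((B_VLAN, MOBILE))
        t[("hub", "b")].append((MOBILE, B_VLAN))
        t[("b", "hub")].append((B_VLAN, MOBILE))
    return t

def unmirrored(tunnels):
    """P2 entries whose peer has no exactly reversed selector pair."""
    return [(ends, p2) for ends, p2s in tunnels.items() for p2 in p2s
            if (p2[1], p2[0]) not in tunnels.get((ends[1], ends[0]), [])]

def leg_ok(tunnels, local, remote, src, dst):
    """True if some P2 on the local->remote tunnel covers src->dst traffic."""
    return any(src.subnet_of(l) and dst.subnet_of(r)
               for l, r in tunnels.get((local, remote), []))

def missing_legs(tunnels, src_site, src, dst_site, dst, hub="hub"):
    """Legs of the spoke -> hub -> spoke path with no covering P2."""
    legs = [(src_site, hub, src, dst), (hub, src_site, dst, src),
            (hub, dst_site, src, dst), (dst_site, hub, dst, src)]
    return [(l, r) for l, r, s, d in legs if not leg_ok(tunnels, l, r, s, d)]

if __name__ == "__main__":
    for flag in (False, True):
        t = build(flag)
        print("mobile P2 on all legs:", flag,
              "| unmirrored:", unmirrored(t),
              "| missing:", missing_legs(t, "a", MOBILE, "b", B_VLAN))
```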