Remote Office can only have one tunnel up at a time
-
Home office LAN: 192.168.10.0
Home office OPT2: 10.1.12.0
|
Remote office LAN 192.168.40.0
Both firewalls are on 2.4.5-RELEASE-p1 (amd64)
I want both home office networks to be connected to the remote office LAN network so I created two phase 2 entries on both ends. The problem is they only work if only one of them is enabled at a time. If I enable both at the same time, only the top LAN to LAN tunnel shows connected and works. If I then disable the top phase 2 entry, the bottom home OPT2 to remote LAN starts working.
Any help would be greatly appreciated. Roy...
-
Well this is beginning to look like a weird IPsec bug to me!
Home Office Phase 2 Entries:
192.168.10.0/24 to 192.168.40.0/24 ; Works!
192.168.11.0/24 to 192.168.40.0/24 ; Works!
10.1.12.0/24 to 192.168.40.0/24 ; Does Not Work
Remote Office Phase 2 Entries:
192.168.40.0/24 to 192.168.10.0/24 ; Works
192.168.40.0/24 to 192.168.11.0/24 ; Works
192.168.40.0/24 to 10.1.12.0/24 ; Does Not Work
Update: The problem seems to be isolated to the remote office firewall, as it has the same problem with a peer-to-peer OpenVPN tunnel, and other remote offices work fine with both IPsec and OpenVPN tunnels in the same configuration.