• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Can't add second IPSec connection with the same remote gateway

Scheduled Pinned Locked Moved IPsec
4 Posts 3 Posters 993 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • E
    emammadov
    last edited by emammadov Mar 29, 2021, 9:31 AM Mar 28, 2021, 7:21 AM

    I have a Public IP Range (for instance: 70.10.10.8/29 and added them as a Virtual IP address to the WAN interface. Then I create the first IPSec connection, it creates successfully.
    Phase 1
    Interface: 70.10.10.10
    Remote Gateway: 80.10.10.10

    But when I create a second IPSec connection with a different interface but the same Remote Gateway, it gives an error: "The remote gateway "80.10.10.10" is already used by phase1".
    Phase 1
    Interface: 70.10.10.11
    Remote Gateway: 80.10.10.10

    Why can't I create the second phase 1 with a different interface IP address but the same Remote Gateway?

    Elvin

    V 1 Reply Last reply Mar 31, 2021, 4:00 PM Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Mar 31, 2021, 3:07 PM

      Because it creates a conflict. By default the system sets up static routes to the remote gateway over the appropriate WAN, and having a duplicate would break that since you can't have two routes to the same destination.

      On 2.5.x/21.02.x there is a Gateway duplicates option you can enable on both tunnels to allow that configuration to work, but read the text for the option carefully.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • V
        viktor_g Netgate @emammadov
        last edited by Mar 31, 2021, 4:00 PM

        @emammadov see Advanced Options:
        Screenshot from 2021-03-31 18-56-58.png

        https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html#advanced-options

        E 1 Reply Last reply Apr 1, 2021, 8:02 AM Reply Quote 0
        • E
          emammadov @viktor_g
          last edited by Apr 1, 2021, 8:02 AM

          Thank you for your reply. I upgraded our current pfsense 2.4.5 p1 to 2.5.0, but then ipsec connections don't work and there is nothing in Description tab of Phase 1 any more.

          Elvin

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received