Netgate Discussion Forum

    Can't add second IPSec connection with the same remote gateway

    • emammadov

      I have a Public IP Range (for instance: 70.10.10.8/29) and added them as Virtual IP addresses to the WAN interface. Then I create the first IPSec connection, and it is created successfully.
      Phase 1
      Interface: 70.10.10.10
      Remote Gateway: 80.10.10.10

      But when I create a second IPSec connection with a different interface but the same Remote Gateway, it gives an error: "The remote gateway "80.10.10.10" is already used by phase1".
      Phase 1
      Interface: 70.10.10.11
      Remote Gateway: 80.10.10.10

      Why can't I create the second phase 1 with a different interface IP address but the same Remote Gateway?

      Elvin

      • jimp Rebel Alliance Developer Netgate

        Because it creates a conflict. By default the system sets up static routes to the remote gateway over the appropriate WAN, and having a duplicate would break that since you can't have two routes to the same destination.

        On 2.5.x/21.02.x there is a Gateway duplicates option you can enable on both tunnels to allow that configuration to work, but read the text for the option carefully.

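The rule jimp describes, modelled as an added example that is not part of the original thread and is not pfSense's own code: each tunnel's static route is keyed only by the remote gateway, so the local interface does not prevent a collision, and the duplicates setting has to be on for every tunnel sharing that peer. The dictionary layout, the `allow_duplicates` field name and the tunnel names are assumptions made for this sketch; the addresses are the ones from the question.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: the two phase 1 entries from the question plus an unrelated tunnel.
PHASE1 = [
    {"name": "tunnel-a", "interface": "70.10.10.10",
     "remote_gateway": "80.10.10.10", "allow_duplicates": False},
    {"name": "tunnel-b", "interface": "70.10.10.11",
     "remote_gateway": "80.10.10.10", "allow_duplicates": False},
    {"name": "tunnel-c", "interface": "70.10.10.10",
     "remote_gateway": "80.10.10.20", "allow_duplicates": False},
]


def route_key(remote_gateway):
    """Canonical destination for the static route to a peer.

    IP literals are normalised so different spellings of one address
    (e.g. compressed vs. expanded IPv6) compare equal; anything else is
    treated as a hostname and compared case-insensitively.
    """
    value = remote_gateway.strip()
    try:
        return str(ip_address(value))
    except ValueError:
        return value.lower().rstrip(".")


def find_gateway_conflicts(phase1_entries):
    """Return {remote gateway: [tunnel names]} for peers that would collide.

    A peer collides when two or more tunnels point at it and at least one
    of them has not opted in to duplicates (hypothetical 'allow_duplicates').
    The local interface is deliberately ignored: the route is per destination.
    """
    by_peer = defaultdict(list)
    for entry in phase1_entries:
        by_peer[route_key(entry["remote_gateway"])].append(entry)

    conflicts = {}
    for peer, entries in by_peer.items():
        if len(entries) > 1 and not all(e["allow_duplicates"] for e in entries):
            conflicts[peer] = [e["name"] for e in entries]
    return conflicts


if __name__ == "__main__":
    for peer, names in find_gateway_conflicts(PHASE1).items():
        print(f"remote gateway {peer} is shared by: {', '.join(names)}")
```
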
        • viktor_g Netgate @emammadov

          @emammadov see Advanced Options:
          Screenshot from 2021-03-31 18-56-58.png

          https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html#advanced-options

          • emammadov @viktor_g

            Thank you for your reply. I upgraded our current pfSense 2.4.5 p1 to 2.5.0, but then IPsec connections don't work and there is nothing in the Description tab of Phase 1 any more.

            Elvin

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.