Can't add second IPSec connection with the same remote gateway
-
I have a Public IP Range (for instance: 70.10.10.8/29) and added them as Virtual IP addresses to the WAN interface. Then I create the first IPSec connection, and it is created successfully.
Phase 1
Interface: 70.10.10.10
Remote Gateway: 80.10.10.10
But when I create a second IPSec connection with a different interface but the same Remote Gateway, it gives an error: "The remote gateway "80.10.10.10" is already used by phase1".
Phase 1
Interface: 70.10.10.11
Remote Gateway: 80.10.10.10
Why can't I create the second phase 1 with a different interface IP address but the same Remote Gateway?
-
Because it creates a conflict. By default the system sets up static routes to the remote gateway over the appropriate WAN, and having a duplicate would break that since you can't have two routes to the same destination.
On 2.5.x/21.02.x there is a Gateway duplicates option you can enable on both tunnels to allow that configuration to work, but read the text for the option carefully.
-
-
Thank you for your reply. I upgraded our current pfSense 2.4.5 p1 to 2.5.0, but then IPSec connections don't work and there is nothing in the Description tab of Phase 1 any more.