IPSEC S2S routing one subnet thru other gateway
-
Hello Folks!
I have 2 pfsense boxes at my home network with a few subnets and IPSEC (policy-based) between them, configured per the documentation: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-psk.html
P1 with 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24
P2 with 192.168.4.0/24, 192.168.5.0/24, 192.168.6.0/24
The IPSEC tunnel is configured like below (and it works):
192.168.2.0 <> 192.168.5.0
Now I wish to have subnet 192.168.6.0 have its internet traffic (0.0.0.0) routed thru P1.
When I set up on IPSEC P2 local 192.168.6.0 <> remote 0.0.0.0, it generally works but breaks routing for the other P2 subnets. I set it up according to the documentation: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-route-internet-traffic.html
Can someone advise me how to achieve my goal? Should I reconfigure IPSEC to routed VTI?
-
Defining an IPsec P2 with remote 0.0.0.0 is exclusive. So there is no chance to have other tunnels working at the same time, because all traffic will go thru this tunnel.
You may use openvpn site2site instead of ipsec to get your scenario running.
-
Thanks, I understand that openvpn is a "routed" VPN so maybe I should go with routed IPSEC?
-
@restrictedr Routed IPsec (VTI) may work in your scenario, but I had a hard time and ended up using openvpn. The restrictions and/or best practices are not well documented, and additionally it will not work if you have endpoints using dynamic IPs.