Netgate Discussion Forum

    AWS IPsec tunnel, BGP and P2

    IPsec | 3 Posts, 1 Poster, 636 Views
    dakobg

      I have a simple question.

      For AWS we have an IPsec tunnel with BGP.
      I do not have issues with the setup. BGP announces the networks properly at both sites.

      My question is about the IPsec P2.
      Right now I allow the /30 IP addresses used for BGP peering between pfSense and AWS; however, I also allow the local/remote networks which are announced via BGP.

      Is it safe to allow in P2:
      local network 0.0.0.0/0
      remote network 0.0.0.0/0

      so that all networks announced via BGP work without an additional P2 per network, and if yes, is the P2 policy something specific?

      Unfortunately I cannot test it myself :( I have only a production system.

      I'm asking this question because, for example, Mikrotik has some routing issues with such a setup (allowing P2 0.0.0.0/0 in tunnel mode) and needs some customization.

      Regards,

      dakobg

        OK, sorry, it looks like VTI P2 works without any issues with AWS (I did not know that!).
        However, I'm still waiting for some folks to confirm and will mark this as solved.

        dakobg

          Yep, VTI works without issues with AWS/BGP.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.