Road Warrior <-> Site A <-> Site B
Road Warrior <-internet-> Site A <-internet-> Site B
As the title says, I'd like my mobile IPsec VPN to be able to connect to both sites of the site-to-site IPsec VPN. I had this setup with pfSense as Site A and an EdgeRouter ER-X on Site B. It was pretty flaky and only seemed to work occasionally. I decided to simplify and ditch the EdgeRouter for another pfSense.

Previously, I set up a basic site-to-site IPsec at both sites. For Phase 2, I specified the local and remote subnets on both ends: Site A, 192.168.1.0/24 and Site B, 10.0.1.0/24 (local and remote, vice versa on the other side).
I then set up a basic mobile client on Site A using Xauth and PSK (gonna change to EAP-MSCHAPv2 this time around) and assigned 10.0.9.0/24 as the virtual IP pool and 0.0.0.0/0 as the Phase 2 local subnet.
These worked okay on their own. The site-to-site would crash frequently. I could get it back up by stopping and starting the IPsec service; restarting the service never seemed to work. I think switching to pfSense on both ends will resolve whatever issue I had here.

In an attempt to get the mobile clients to pass traffic through the site-to-site tunnel, I added a Phase 2 on Site A with 10.0.9.0/24 local and 10.0.1.0/24 remote, and vice versa for Site B. I was thinking this would create a route from the virtual mobile subnet through the tunnel to Site B.

This worked even less frequently. No idea if that was even the right method. It's odd that it was intermittent, but again, I'm hopeful that with both ends being pfSense it will smooth this out or at least make troubleshooting easier. IPsec on the ER-X was a PITA.

Now that I'm starting fresh, is there any advice on how to get this to work more reliably?
Thanks
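An added illustration, not from the original post and not pfSense code: a small Python model of the Phase 2 traffic selectors described above, showing why the 10.0.9.0/24 <-> 10.0.1.0/24 Phase 2s have to exist on both ends, mirrored, before road-warrior traffic can cross the site-to-site tunnel. The road-warrior address 10.0.9.5 and the Site B host 10.0.1.20 are constructed sample values.

```python
import ipaddress

# Constructed model of the Phase 2 (child SA) traffic selectors from the post.
# Each entry is (local_subnet, remote_subnet) as entered on that pfSense box.
SITE_A_BASE = [("192.168.1.0/24", "10.0.1.0/24")]   # Site A -> Site B
SITE_B_BASE = [("10.0.1.0/24", "192.168.1.0/24")]   # Site B -> Site A
# Extra Phase 2s the post describes adding so the mobile pool can reach Site B.
SITE_A_EXTRA = SITE_A_BASE + [("10.0.9.0/24", "10.0.1.0/24")]
SITE_B_EXTRA = SITE_B_BASE + [("10.0.1.0/24", "10.0.9.0/24")]


def matches(selectors, src, dst):
    """True if a src->dst packet fits any (local, remote) selector pair on this side."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(loc) and d in ipaddress.ip_network(rem)
               for loc, rem in selectors)


def site_to_site_path_ok(site_a_p2s, site_b_p2s, src, dst):
    """A src (behind Site A) -> dst (behind Site B) flow works only if Site A has a
    selector for the request AND Site B has the mirrored selector for the reply.
    A selector missing on either side shows up as traffic that never arrives."""
    return matches(site_a_p2s, src, dst) and matches(site_b_p2s, dst, src)


def mobile_to_site_b_ok(site_a_p2s, site_b_p2s, rw_ip="10.0.9.5", host_b="10.0.1.20"):
    """Road-warrior virtual IP -> host at Site B, forwarded through Site A's tunnel.
    Hop 1 (RW -> Site A) is covered by the mobile P2 with local 0.0.0.0/0, so only
    the Site A <-> Site B leg needs checking here. Sample addresses are constructed."""
    return site_to_site_path_ok(site_a_p2s, site_b_p2s, rw_ip, host_b)


if __name__ == "__main__":
    print("LAN A -> LAN B, base P2s: ",
          site_to_site_path_ok(SITE_A_BASE, SITE_B_BASE, "192.168.1.10", "10.0.1.20"))
    print("RW -> LAN B, base P2s:    ", mobile_to_site_b_ok(SITE_A_BASE, SITE_B_BASE))
    print("RW -> LAN B, extra on A:  ", mobile_to_site_b_ok(SITE_A_EXTRA, SITE_B_BASE))
    print("RW -> LAN B, extra on both:", mobile_to_site_b_ok(SITE_A_EXTRA, SITE_B_EXTRA))
```

The model only checks selector coverage; it does not represent pfSense's firewall rules on the IPsec interface, which also have to permit the flow on both boxes.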