IPsec site to site and roadwarrior on the same interface.
-
Hi,
Is it possible to set up IPsec site to site VPN and roadwarrior VPN on the same WAN interface? In my setup, IPsec site to site connection and Roadwarrior have their own separate phase 1 and phase 2.
Whenever I enable Phase 1 and Phase 2 for IPsec VPN site to site, and disable both Phase 1 and Phase 2 for IPsec VPN Roadwarrior, IPsec site to site VPN connection works ok. Same vice versa.
However, when I enable both phase 1 and 2 for both IPsec VPN site to site and RoadWarrior, neither one works.
Could anyone point me in the right direction?
Cheers!
-
I am using this configuration and it is working fine. I currently have 9 S2S tunnels active and I use primary IPsec for my smartphone.
All on the same WAN Interface.
-
@pvanderlaat Certainly. I have multiple Site 2 Site and Mobile Warrior on my WAN interface.
It’s a little strange that neither works when you enable both. I would expect one to keep working and the other not.
Can you post a sanitized screenshot of both your phase1 settings + the setup on your mobile clients page?
-
Thank you @NOCling and @keyser for your insight.
I went back and reviewed step by step 2 guides from the Netgate documentation:
- For Remote VPN connections with Certificate, I followed this guide: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-tls.html
- And for Site to Site VPN connections with Certificate, I followed this other guide: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-tls.html
My issue was I got creative and changed some settings the first time. After knowing @keyser and @NOCling were able to make it work, I followed those 2 guides, and everything worked fine!
Thank you both!