Netgate Discussion Forum

S2S IPSec With VTI Questions

    jlw52761
    last edited by Feb 8, 2025, 2:17 AM

    Question arising from an odd situation. I have three sites, two of them with 2 HA pfSense. One of the sites is the hub for the other two, and the hub does have two firewalls. For a few years I have had an S2S between all the firewalls in a matrix fashion using VTI, and all has worked, with each VTI pair being its own /30. For some reason some of the remote VTIs on the subnet no longer seem to be pingable, and I can't figure out why.
    My question is, do I really need to have separate /30s for each VTI pair, or can I use a large /24 for ALL VTIs and make life a little simpler? Mocking everything up in GNS3 shows that it works, but I'm not sure what the real-world ramifications of this would be. Thinking about just adding a new P2 to each connection and then removing the old P2, so that pairs that are working don't die suddenly.

    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.