Access OPT1 through the IPSEC VPN



  • I builded a IPSEC VPN channel between 2  pfsense 1.2.3.

    Site A: LAN : 10.10.0.0/23

    Site B: LAN:192.168.0.0  
             OPT1:192.168.100.0

    IPsec vpn created between WAN port in pfsense.

    Now, IPsec vpn is ok , I can access B site LAN from site A LAN, but I can't access SITE B OPT1 from SITE A,  
    How should I do? Please advise.



  • Hello,

    We have the same problem. Our solution is to create a 2nd IPSec Tunnel with the Subnet of the Opt1 as the remote Network.
    I can not say that this works good or not so good. Because we have some problem with the ipsec itself.
    Another way was to setup a static route but this doesnt worked. The PFsense sends the Packages to the default gateway witch was the wan in our case.

    Regards from Cologne (Germany)



  • Could you show me more detail info, how build ipsec vpn from WAN port (site A)  to OPT port (site B)



  • Ill give it another try tomorrowm because in the last hours i made some changes and now? Exactly its doens work anymore. After that i will post what happend :-)



  • Hm, so seen from now it works… i think so :-)

    We have 2 pfsense Boxes connected via the internet. both have at least 1 static ip on wan side.
    The 1st Box hast just a LAN and WAN interface.
    The 2nd Box hast a LAN,OPT1 and WAN interface.

    The goal was to integrade the 1st Box to our land behind the 2nd box. For this we created 2 IPSEC tunnel:

    1. connects LAN/Box1 to Lan/Box2
    2. connects LANBox1 to Opt1/Box2

    So the users in the Lan on Box1 can now acces the Lan and Opt1 of Box2.

    Seen form Box 2 there are now 2 way to get packages to the Lan on Box1.... what ever - it works. Will see what the next days will bring to us.

    Regards from Germany



  • 2. connects LANBox1 to Opt1/Box2

    how to do that ?



  • Just Setup 2 tunnels/connections as this 2 would be the only one by them self. By the way. my ipsecs crashs all the time. I do not know why but its not very stable at this point. Maybe this is not the right solution :-)


Log in to reply