2 sites, 2 ipsec, 2 wan each side. Only 1 tunnel can route???????? Please Help
  • I have 2 sites, each with pfSense 2.0 beta (I tried 1.2.3 on each but got the same result).
    Each site has 2 WANs, 1 PPPoE DSL and 1 static SDSL. The PPPoE at each site is DSL 24m x 1m and the static at each site is SDSL 4m x 4m.
    The reason for the multi-WAN at each site is so that we can have an IPsec VPN SDSL to SDSL for server traffic, Exchange, file transfers etc.,
    and the DSL at each site so we can have IPsec for Trixbox IP phones and VoIP between extensions in both sites etc.

    Originally I tried it with just SDSL to SDSL, but the traffic shaper couldn't shape VoIP traffic inside the IPsec tunnel and VoIP conversations were extremely choppy, to the point where it was unusable. This was due to the high volume of general network and file traffic between the sites. I then decided to get a DSL connection at each site and set up an IPsec tunnel for Trixbox and VoIP between the sites only. No other traffic flows over the DSL connections.

    Problem is that I can get both tunnels to come up, but only one tunnel, the SDSL, will transport traffic.

    Config is like this.
    Site 1
    pfSense 2.0 Beta1, 4 interfaces
    1. SDSL, static, 4m x 4m, IPsec tunnel A (for file VPN)
    2. DSL, PPPoE (with static IP), 24m x 1m, IPsec tunnel B (for VoIP VPN)
    3. LAN, 192.168.1.x (plan to use IPsec A to Site 2)
    4. IP Phones, 192.168.0.x (plan to use IPsec B to Site 2)

    Site 2
    pfSense 2.0 Beta1, 3 interfaces
    1. SDSL, static, 4m x 4m, IPsec tunnel A (for file VPN)
    2. DSL, PPPoE (with static IP), 24m x 1m, IPsec tunnel B (for VoIP VPN)
    3. LAN, 10.10.1.x (plan to use IPsec A to Site 1)
    IP Phones, 192.168.0.x (plan to use IPsec B to Site 1)

    Both tunnels are up, but only IPsec VPN A will route traffic.
    From Site 1, from the LAN, if I ping 10.10.1.1 (server at Site 2) I get a reply.
    From Site 1, from the IP Phones network, if I ping 10.10.1.250 (Trixbox at Site 2) I get no reply.

    From Site 2, if I ping 192.168.1.1 (server on the LAN at Site 1) I get a reply.
    From Site 2, if I ping 192.168.0.1 (Trixbox on the IP Phones network at Site 1) I get no reply.
    As you can see, IPsec tunnel A routes traffic OK but IPsec B does not.

    Has anybody any idea what the problem is here? Do I need static routes here, or something else?

    I can provide more info as requested.

    Cheers.

  • OK, never mind. I did a new install with the 2.0 beta from 19 Jan 2010. Everything worked as I expected straight away. No issues routing to either subnet.