Netgate Discussion Forum
    Routing between 2 IPSec-tunnels/nets.

    4 Posts 2 Posters 6.0k Views
      mrzaz

      Hello,
      I'm feeling a bit "braindead" today and can't figure out how and if it is possible to
      setup a route between 2 different IPSec nets through pfSense.

      I'm using pfSense 2.0 BETA4

      I will explain:

      I have 2 IPSec tunnels setup to two different partners in 2 different locations. (here called net1 and net2)
      They normally communicate with the network behind this pfSense (servers) (here called net3)
      BUT, we also would like for net1 to access resources in net2.

      Basically:
      NET1 -> IPSec1 > pfSense -> IPSec2 -> NET2

      Looked into the "Routing / Gateways" to create 2 gateways,
      one for each LAN IP-address of the router terminating the IPSec.

      GatewayNet1:
      192.168.100.1

      GatewayNet2:
      192.168.110.1

      And then create 2 routes with each gateway and specifying the networks.
      (Of course they need to setup local routing as well but this is outside the scope of this exercise.)

      But the problem is that Gateway does NOT support IPSec as interface, only WAN/LAN.
      So there it falls a bit flat. (Or correct me if I'm wrong. I am feeling a bit braindead after all. ;-)

      Am I totally thinking this wrong ?

      Best regards
      Dan Lundqvist
      Stockholm, Sweden

        jimp Rebel Alliance Developer Netgate

        It's possible, but not easy.

        If you are using 2.0 everywhere it's not so bad though.

        You just need to specify all of the subnets involved in their own phase 2 entries so that each router knows that the other subnets should go over the tunnel.

        It may be easier to do with OpenVPN, but on 2.0 it's probably about the same level of difficulty. On 1.2.x it is much easier to do with OpenVPN.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          mrzaz

          • OpenVPN is not an option as the router on other end does not support it.
          • The routers in net1 and net2 are not pfSense, and I don't know if they support multiple phase 2 entries.
            I think they are using the "Cisco RV042 Dual WAN VPN Router" (former Linksys RV042), and they don't support dual ph2 (after checking).

          So, is it doable anyway on 2.0 or am I screwed ?

          //Dan Lundqvist

            jimp Rebel Alliance Developer Netgate

            It likely will not be possible in that case, unless you can do it with CIDR summarization (use a subnet mask that will cover the subnets on either end) but getting that to match up with two remote sites may not be possible.

            Multiple subnets between two sites, sure, but not three.


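The two answers above hinge on how IPsec phase 2 traffic selectors are matched, first with the "one extra phase 2 per tunnel" approach and then with the CIDR summarization fallback. The following is an added example, not code from the thread, from Netgate or from pfSense: it models each tunnel's phase 2 entries as (local, remote) pairs from the hub's point of view, checks which selectors a net1 -> net2 flow would match, and then tests whether a single summarized selector per tunnel could cover the hub and the other spoke without overlapping the tunnel's own remote side. All addresses are constructed sample values, and the model ignores protocol/port selectors and anything the partner routers would need to be configured with.

```python
"""
Model pfSense-side IPsec phase 2 selectors for a hub with two spoke tunnels.
Added example; addresses are constructed and not from the thread.
"""
from ipaddress import ip_address, ip_network

# Constructed sample networks for the three sites in the thread (assumed values).
NET1 = ip_network("10.1.0.0/24")        # behind partner router A, IPsec tunnel1
NET2 = ip_network("10.2.0.0/24")        # behind partner router B, IPsec tunnel2
NET3 = ip_network("192.168.100.0/24")   # servers behind pfSense (the hub)

# Phase 2 entries as pfSense sees them: (local subnet, remote subnet) per tunnel.
BASELINE = {
    "tunnel1": [(NET3, NET1)],
    "tunnel2": [(NET3, NET2)],
}
# The "extra phase 2 per tunnel" approach: each tunnel also carries the other spoke.
FULL_MESH = {
    "tunnel1": [(NET3, NET1), (NET2, NET1)],
    "tunnel2": [(NET3, NET2), (NET1, NET2)],
}


def hub_path(tunnels, src, dst):
    """Return (inbound_tunnel, outbound_tunnel) for a src->dst flow crossing the hub.

    inbound:  a P2 whose remote contains src and whose local contains dst, i.e. the
              packet is allowed out of that SA into pfSense.
    outbound: a P2 whose local contains src and whose remote contains dst, i.e.
              pfSense will put the packet into that SA.
    None on either side means that leg has no matching selector and is dropped.
    """
    s, d = ip_address(src), ip_address(dst)
    inbound = outbound = None
    for name, selectors in tunnels.items():
        for local, remote in selectors:
            if inbound is None and s in remote and d in local:
                inbound = name
            if outbound is None and s in local and d in remote:
                outbound = name
    return inbound, outbound


def smallest_supernet(nets):
    """Smallest single CIDR block containing every network in nets."""
    block = nets[0]
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()   # widen by one bit; /0 supernets to itself
    return block


def summarization_feasible(hub, remote_a, remote_b):
    """Can one summarized local selector per tunnel replace multiple phase 2 entries?

    For the tunnel to A, the single local selector must cover hub + remote_b and must
    not overlap remote_a (otherwise traffic for A's own LAN would be claimed by the
    local side, and a wide block such as 0.0.0.0/0 would swallow everything).
    Returns {tunnel: (summary_block, ok)}; both tunnels must be ok for the design.
    """
    result = {}
    for name, this_remote, other_remote in (("tunnel_a", remote_a, remote_b),
                                            ("tunnel_b", remote_b, remote_a)):
        summary = smallest_supernet([hub, other_remote])
        result[name] = (summary, not summary.overlaps(this_remote))
    return result


# Constructed alternative spoke B that is adjacent to the hub's own LAN.
ALT_NET2 = ip_network("192.168.101.0/24")

if __name__ == "__main__":
    print("baseline  net1->net2:", hub_path(BASELINE, "10.1.0.5", "10.2.0.7"))
    print("full mesh net1->net2:", hub_path(FULL_MESH, "10.1.0.5", "10.2.0.7"))
    for label, n2 in (("original", NET2), ("adjacent", ALT_NET2)):
        for tun, (blk, ok) in summarization_feasible(NET3, NET1, n2).items():
            print(f"{label:8} {tun}: local summary {blk} -> {'ok' if ok else 'overlaps'}")
```

With the baseline configuration the net1 -> net2 flow matches no selector in either direction, which is the "falls a bit flat" result from the first post; adding the second phase 2 entry on each tunnel makes both legs match. The summarization check shows why the fallback rarely lines up for two remote sites: with the sample 10.x spokes the only block covering the hub and the other spoke is 0.0.0.0/0, which overlaps the tunnel's own remote network, and even with an adjacent spoke only one of the two tunnels can be summarized cleanly.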
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.