Netgate Discussion Forum

Routing between 2 IPSec-tunnels/nets.

  mrzaz (Oct 29, 2010, 6:36 AM):

    Hello,
    I'm feeling a bit "braindead" today and can't figure out how, and if, it is possible to
    set up a route between 2 different IPSec nets through pfSense.

    I'm using pfSense 2.0 BETA4

    I will explain:

    I have 2 IPSec tunnels setup to two different partners in 2 different locations. (here called net1 and net2)
    They normally communicate with the network behind this pfSense (servers) (here called net3)
    BUT, we also would like for net1 to access resources in net2.

    Basically:
    NET1 -> IPSec1 -> pfSense -> IPSec2 -> NET2

    Looked into the "Routing / Gateways" to create 2 gateways,
    one for each LAN IP-address of the router terminating the IPSec.

    GatewayNet1:
    192.168.100.1

    GatewayNet2:
    192.168.110.1

    And then create 2 routes, one with each gateway, specifying the networks.
    (Of course they need to set up local routing as well, but this is outside the scope of this exercise.)

    But the problem is that Gateway does NOT support IPSec as an interface, only WAN/LAN.
    So there it falls a bit flat. (Or correct me if I'm wrong. I am feeling a bit braindead after all. ;-)

    Am I thinking about this totally wrong?

    Best regards
    Dan Lundqvist
    Stockholm, Sweden

  jimp, Rebel Alliance Developer, Netgate (Nov 1, 2010, 1:24 PM):

      It's possible, but not easy.

      If you are using 2.0 everywhere it's not so bad though.

      You just need to specify all of the subnets involved in their own phase 2 entries so that each router knows that the other subnets should go over the tunnel.

      It may be easier to do with OpenVPN, but on 2.0 it's probably about the same level of difficulty. On 1.2.x it is much easier to do with OpenVPN.

  mrzaz (Nov 1, 2010, 3:15 PM):

        • OpenVPN is not an option, as the router on the other end does not support it.
        • The routers in net1 and net2 are not pfSense, and I don't know if they support multiple phase 2 entries.
          I think they are using the "Cisco RV042 Dual WAN VPN Router" (formerly Linksys RV042), and they don't support dual ph2. (After checking.)

        So, is it doable anyway on 2.0, or am I screwed?

        //Dan Lundqvist

  jimp, Rebel Alliance Developer, Netgate (Nov 1, 2010, 3:44 PM):

          It likely will not be possible in that case, unless you can do it with CIDR summarization (use a subnet mask that will cover the subnets on either end), but getting that to match up with two remote sites may not be possible.

          Multiple subnets between two sites, sure, but not three.

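An added worked example, not from the thread or from pfSense, that walks through both of jimp's suggestions on constructed addressing: it lists the phase 2 entries the pfSense hub needs per tunnel so each spoke can reach the hub LAN and the other spoke, and it checks whether a single summarized remote selector (the only option for a one-phase-2 device like the RV042) would also swallow that site's own LAN. The subnets, site names and function names are assumptions.

```python
import ipaddress

# Constructed lab addressing (not from the thread): pfSense is the hub.
HUB_NET = "192.168.1.0/24"                       # net3, servers behind pfSense
SPOKES = {"net1": "192.168.100.0/24",            # behind the site-1 router
          "net2": "192.168.110.0/24"}            # behind the site-2 router


def hub_phase2(hub_net, spokes):
    """Phase 2 (local, remote) pairs pfSense needs on each tunnel.

    Policy-based IPsec steers traffic by phase 2 selectors rather than
    by the routing table, so spoke-to-spoke reachability needs an extra
    P2 entry per tunnel whose local side is the *other* spoke's subnet.
    """
    plan = {}
    for name, net in spokes.items():
        entries = [(hub_net, net)]
        entries += [(other, net) for o, other in spokes.items() if o != name]
        plan[name] = entries
    return plan


def summarize(nets):
    """Smallest single CIDR block that covers every network in nets."""
    nets = [ipaddress.ip_network(n) for n in nets]
    block = nets[0]
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()
    return block


def single_p2_summary(spoke_net, remote_nets):
    """Single remote selector for a device that allows one P2 per tunnel.

    Returns (summary, clash); clash is True when the summary also covers
    the site's own LAN, the case where summarization fails to match up.
    """
    summary = summarize(remote_nets)
    return summary, summary.overlaps(ipaddress.ip_network(spoke_net))


if __name__ == "__main__":
    for tunnel, entries in hub_phase2(HUB_NET, SPOKES).items():
        print(f"pfSense tunnel to {tunnel}:")
        for local, remote in entries:
            print(f"  P2 local {local:<18} remote {remote}")
    for name, net in SPOKES.items():
        remotes = [HUB_NET] + [n for o, n in SPOKES.items() if o != name]
        summary, clash = single_p2_summary(net, remotes)
        print(f"{name}: one-P2 remote selector {summary} "
              f"{'overlaps its own LAN' if clash else 'is usable'}")
```

With the constructed 192.168.x.0/24 subnets, both sites' summaries collapse to 192.168.0.0/17, which covers their own LAN, so the summary trick fails exactly as jimp warns; spokes in a separate block (say 10.0.0.0/23 for hub plus one spoke) can work for one site but not the other.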