IPSEC routing help needed



  • Hello,
    I have 3 remote offices and 1 main office, all configured with a PFSENSE 1.2x router.

    Main office 192.168.0.x
    Remote office 1 192.168.50.x
    Remote office 2 192.168.55.x
    Remote office 3 192.168.60.x

    I have ipsec tunnels created and each remote office can talk with the main office with no problems.

    I cannot communicate however from remote office to remote office.  I am using preshared keys.

    Can anyone point me in the right direction as to what needs to be configured for remote offices to talk to each other??



  • I believe each remote will need to have an IPSec tunnel to every other remote you want it to communicate with.

    Roy…



  • Hi and thanks for the reply,
    I was hoping for a little more info.  Can anyone provide any examples of how this would be set up?  I have tried simply creating additional routes, however it still does not seem to work.  Do I only need to create these routes at the 2 remote offices that are unable to communicate with each other??  Do I need to program anything at the main office?  Any assistance you could provide would be greatly appreciated.
    Thanks!!
    Frank



  • You only need to add the additional tunnels I described above.  No manually added routes are required.

    Roy…



  • Check your firewall as well. Unless you let the lan talk to any and everything, you need to add a rule to the remote net.

    (a) * lan net * 192.168.50.0/24 * *

    You'd have to do the same thing on the remote side as well.

    If your current firewall rule looks like this…

    (b) * lan net * * * *

    then you do not need to add any other rules such as (a)
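
A simplified model of the replies above, added here as an example and not taken from the thread or from pfSense: a packet enters a tunnel only when its source and destination subnets match that tunnel's local/remote pair, so with hub-and-spoke tunnels remote-to-remote traffic matches nothing. The /24 masks, site names and function names are assumptions.

```python
import ipaddress
from itertools import combinations

# LANs from the first post; the "x" is assumed to mean a /24.
SITES = {
    "main": ipaddress.ip_network("192.168.0.0/24"),
    "remote1": ipaddress.ip_network("192.168.50.0/24"),
    "remote2": ipaddress.ip_network("192.168.55.0/24"),
    "remote3": ipaddress.ip_network("192.168.60.0/24"),
}

def hub_and_spoke(hub="main"):
    """Tunnels as first described: each remote office to the main office only."""
    return {frozenset((hub, s)) for s in SITES if s != hub}

def full_mesh():
    """One tunnel per pair of sites."""
    return {frozenset(p) for p in combinations(SITES, 2)}

def site_of(ip):
    """Name of the site whose LAN contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SITES.items() if addr in net), None)

def tunnel_for(src_ip, dst_ip, tunnels):
    """Tunnel whose subnet pair covers this packet, or None.

    Static routes do not change the answer: selection is made on the
    (source subnet, destination subnet) pair, not on the routing table.
    """
    src, dst = site_of(src_ip), site_of(dst_ip)
    if src is None or dst is None or src == dst:
        return None
    pair = frozenset((src, dst))
    return pair if pair in tunnels else None

def missing_tunnels(tunnels):
    """Site pairs that still need a tunnel for any-to-any reachability."""
    return sorted(tuple(sorted(p)) for p in full_mesh() - tunnels)

def lan_rules(site, tunnels):
    """LAN rules in the style of rule (a), one per tunnel peer of `site`."""
    peers = sorted(SITES[next(iter(t - {site}))] for t in tunnels if site in t)
    return [f"* lan net * {net} * *" for net in peers]

if __name__ == "__main__":
    print(tunnel_for("192.168.50.10", "192.168.55.20", hub_and_spoke()))
    print(missing_tunnels(hub_and_spoke()))
    print(lan_rules("remote1", full_mesh()))
```
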



  • If and only if I understood you right.. Please see the attachment picture ;)


