Ipsec to network with multiple gateways

riaano · Sep 9, 2011, 12:09 PM

Hi,
my network looks something like this:

10.0.0.10 - 10.0.0.100 –--> 10.0.0.1 (pfsense with ipsec) ----> internet

10.0.0.101 - 10.0.0.120 ----> 10.0.0.2 (pfsense without ipsec) ------> internet

10.0.0.121 - 10.0.0.199 -----> 10.0.0.3 (pfsense without ipsec) ------> internet

now my remote side connects to 10.0.0.1 via ipsec with phase 1 and 2 identical on both sides.
the remote side can access / connect / ping any of the machines in range 10.0.0.10 - 10.0.0.100 and visa versa but not to the other machines.

jimp : you suggested adding additional phase 2 entries, i tried, but im not sure im doing it correct...do i add the other phase 2 entries to point to a single address ?

any other help will also be appreciated.

Thanks

riaano · Sep 12, 2011, 9:42 AM

Hi, i think i found my answer by playing around a bit.

My remote network is 10.1.105.0/24, i then added a route on 10.0.0.2 –> route add -net 10.1.105.0 10.0.0.1 255.255.255.0
then i could access the machines running through gateway 10.0.0.2

i hope this might help someone else.

Thanks,