I am not able to start second phase2 tunnel
-
Hello,
I have just followed the IPsec tutorial and started an IPsec tunnel like this: host A LAN 192.168.150.0/24 to host B LAN 192.168.152/24
It works well; I can ping hosts.
Now I have also OPT1 interfaces in host a and b. So I add another phase 2 like this:
host A:
from OPT1 to 192.168.142.0/24 (OPT1 is 192.168.140.0/24)
host b:
from OPT1 to 192.168.140.0/24 (OPT1 is 192.168.142.0/24)
Now it does not work. I go in ipsec status and I see green for first phase2 and yellow for second phase2. Unfortunately, there is NO button to start the second phase2.
I have tried to not put opt1 and put the netmask but without luck.
I have pfSense 2.0.1, freshly installed. What can I do?
Thanks in advance for any help,
Mario
-
The start button just triggers a ping; just manually start a ping from Diag>Ping or an internal host, then what happens? If it doesn't come up, check the IPsec logs for why.
-
@cmb:
The start button just triggers a ping; just manually start a ping from Diag>Ping or an internal host, then what happens? If it doesn't come up, check the IPsec logs for why.
Logs are OK; the ping works only for the first phase2, the one defined on LAN. I have tried with a third host and, again, the phase2 on OPT1 does not work. The IPsec starts only when I click the play button and the icon goes from yellow to green. Are you sure it is only a ping?
-
Yes, it's only a ping. You just need to initiate any traffic that matches the second phase 2. Then if it doesn't come up, check the IPsec logs to see why.
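
Added example, not part of the thread: a small Python check of what "traffic that matches the second phase 2" means for the subnets in the question, plus a check that each side's phase 2 entries mirror the other's. The function names and test addresses are made up for illustration, and 192.168.152.0/24 is assumed for the LAN remote network written as 192.168.152/24 in the question.

```python
import ipaddress as ip

# Phase 2 (local net, remote net) pairs as described in the thread.
# Assumption: "192.168.152/24" in the question means 192.168.152.0/24.
HOST_A = [("192.168.150.0/24", "192.168.152.0/24"),   # LAN  -> remote LAN
          ("192.168.140.0/24", "192.168.142.0/24")]   # OPT1 -> remote OPT1
HOST_B = [("192.168.152.0/24", "192.168.150.0/24"),
          ("192.168.142.0/24", "192.168.140.0/24")]


def parse(entries):
    """Turn (local, remote) strings into network objects."""
    return [(ip.ip_network(l), ip.ip_network(r)) for l, r in entries]


def matching_phase2(entries, src, dst):
    """Index of the first phase 2 whose nets contain src and dst, else None."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for i, (local, remote) in enumerate(parse(entries)):
        if s in local and d in remote:
            return i
    return None


def unmirrored(side_a, side_b):
    """Entries on side A with no exact (remote, local) counterpart on side B."""
    b = set(parse(side_b))
    return [(l, r) for l, r in parse(side_a) if (r, l) not in b]


if __name__ == "__main__":
    # Constructed test packets: (source address, destination address).
    tests = [("192.168.140.10", "192.168.142.10"),   # sourced from OPT1 net
             ("192.168.150.1", "192.168.142.10")]    # sourced from LAN net
    for src, dst in tests:
        idx = matching_phase2(HOST_A, src, dst)
        result = f"matches phase 2 #{idx}" if idx is not None else "matches no phase 2"
        print(f"{src} -> {dst}: {result}")
    print("unmirrored entries on A:", unmirrored(HOST_A, HOST_B))
```

A test ping only exercises the second phase 2 when its source address falls inside that entry's local network; a ping to the remote OPT1 network sourced from a LAN address matches neither entry.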