How do I tunnel a few disjointed networks one way through a tunnel?
To get straight into it… I have an IPSec tunnel between two networks.
One site is using 192.168.0.x/21 and the other site is using 192.168.10.x/24 for their private IP range.
When setting up each of the phase 2 entries, I simply used the above as the local/remote entries - and it works great.
I now need (in addition to the above) two completely different public IP ranges to be routed to one side of the tunnel so that all requests from one side will be routed across the tunnel.
I tried the "None" option on local range (which I now know is a bug - http://redmine.pfsense.org/issues/2812#change-10754 ), along with trying to use a few different options, but, I just can't get it to work and the phase two won't establish.
I have been looking in the logs and just can't figure out what is wrong.
Anyone know what I have to do?
Cover the exact path (src/dst) the traffic needs to take from either side.
<local network="">… <public ip="" block="">and
<public ip="" block="">... <local network=""></local></public></public></local>
So, it is ok for local network to be duplicated in rules?
I did try this, but saw that one of the errors at one point was "duplicate rule" or similar in the logs, so I figured it was not meant to be like that.
… I will try again shortly.