IPsec - Routing site to multisite
-
Setup:
Site 1 <==IPSEC==> Site 2 <==IPSEC==> Site 3
192.168.1.0/24 192.168.2.0/24 192.168.3.0/24
How can I access Site 3 from Site 1?
IPsec tunnels work from Site 1 to Site 2 and from Site 2 to Site 3. I need to get traffic through all of this.
I have allowed any to any rules on all LAN interfaces. I have done routes to all of these subnets.
Sending data from Site 1 to Site 3, I can see that traffic comes to Site 2 from the IPsec tunnel BUT does not go into the tunnel to Site 3.
All tunnels done by pfSense 2.0.2.
Do I have to do IPsec tunnels directly between all the other sites (if I would have more than 2 sites)?
Like this:
Site 1 <==IPSEC==> Site 2
Site 1 <==IPSEC==> Site 3
Site 2 <==IPSEC==> Site 3
etc.
-
Have you allowed any any also on the IPsec interfaces?
You could also add more P2s on IPsec. And I prefer to have every site connected to every site, because then you don't have a problem with the spokes if the hub dies.
-
Have you allowed any any also on the IPsec interfaces?
You could also add more P2s on IPsec. And I prefer to have every site connected to every site, because then you don't have a problem with the spokes if the hub dies.
Yes, I have, but adding more P2s to access Site 3 via Site 2 does not work. But it makes sense that I have to make IPsec from every site to every site. Just wondering, is it possible to do so if needed? You might have a situation where Site X cannot be accessed in any other manner than via Site Y.
-
I mean that if you have linked site1--site2--site3 and site2 goes down, site1 and site3 can't talk to each other.
-
I mean that if you have linked site1--site2--site3 and site2 goes down, site1 and site3 can't talk to each other.
Yes, that's true.
-
I can explain how to do it, as I have done it. But wouldn't it just be easier to establish another IPsec tunnel to Site 3 from Site 1?
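
The "more P2s" suggestion from earlier in the thread, as an added example that is not part of any post and is not pfSense code: a simplified model of policy-based IPsec in which a packet enters a tunnel only when a phase 2 local/remote selector pair covers its source and destination. The subnets come from the diagram; the host addresses, function names and the three configurations are assumptions made for illustration.

```python
import ipaddress as ip

# Subnets from the thread's diagram; host addresses used below are constructed.
NETS = {n: ip.ip_network(f"192.168.{n}.0/24") for n in (1, 2, 3)}

def base():
    """site -> list of (peer, local net, remote net): one LAN-to-LAN P2 per tunnel."""
    return {1: [(2, NETS[1], NETS[2])],
            2: [(1, NETS[2], NETS[1]), (3, NETS[2], NETS[3])],
            3: [(2, NETS[3], NETS[2])]}

def partial():
    """Extra P2 only on the Site 1 <-> Site 2 tunnel."""
    spd = base()
    spd[1].append((2, NETS[1], NETS[3]))
    spd[2].append((1, NETS[3], NETS[1]))
    return spd

def full():
    """Extra P2 on both tunnels, so Site 2 can forward between them."""
    spd = partial()
    spd[2].append((3, NETS[1], NETS[3]))
    spd[3].append((2, NETS[3], NETS[1]))
    return spd

def trace(spd, src, dst):
    """Return (sites reached, delivered?) for one packet."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    site = next(s for s, net in NETS.items() if src in net)
    path = [site]
    for _ in NETS:  # hop limit
        if dst in NETS[site]:
            return path, True
        # Outbound: first P2 whose local/remote selectors cover src/dst.
        peer = next((p for p, loc, rem in spd[site] if src in loc and dst in rem), None)
        # Inbound: the peer needs the mirrored selector on the same tunnel.
        if peer is None or not any(p == site and dst in loc and src in rem
                                   for p, loc, rem in spd[peer]):
            return path, False
        path.append(peer)
        site = peer
    return path, False

if __name__ == "__main__":
    for name, spd in (("base", base()), ("partial", partial()), ("full", full())):
        print(name, trace(spd, "192.168.1.10", "192.168.3.10"))
```

In this model the `partial` case reproduces the symptom from the first post: the packet reaches Site 2 but matches no selector on the tunnel to Site 3.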