    IPSEC with 3 sites and routing between them

    7 Posts 4 Posters 2.3k Views
cr_hyland

Hi,

I have 3 sites A, B and C.
Site A is the primary site and Site B / Site C are branch offices.

There are IPSEC tunnels between A and B and between A and C and all works well.

I need to be able to route traffic between B and C through A but I can't seem to be able to do this with static routes.

Has anyone achieved this and could you give some pointers?

Thanks.

kitdavis

I just dealt with something rather similar.

Look for the tutorial on how to send all traffic to the internet via a VPN connection. Using those directions, create a second phase 2 connection between A and B that uses C's subnet and between A and C that uses B's subnet. You will also have to create manual outbound routing information for those connections.

Of course the easiest approach would be to build a tunnel directly between B and C.

cr_hyland

Thanks for that, but I had already tried adding a second phase 2 before I hit the forums.

Problem is that when I add the second phase 2 to site A it doesn't seem to recognize the site C subnet and won't allow me to connect the VPN. I get no little arrow to connect it.

Is there a way around this that you know of?

Cheers.

cr_hyland

Anyone any idea why I can't add a second Phase 2 for Site B and C?

cr_hyland

I've tried everything I can think of but no way can I get this to work.
No matter what I do I can't get a second phase 2 to come up when it uses a subnet that doesn't directly exist on a WAN or LAN interface.

Is this a bug in pfSense 2.1 or am I doing something stupid?

Please can someone help, I really need to get this working.

corradolab

Hi craggy,

just curious why you can't create an IPSec tunnel between B and C.
Can you explain?

MLIT

@craggy:

    I've tried everything I can think of but no way can I get this to work.
    No matter what I do I can't get a second phase 2 to come up when it uses a subnet that doesn't directly exist on a WAN or LAN interface.

    Is this a bug in pfSense 2.1 or am I doing something stupid?

    Please can someone help, I really need to get this working.

Another way to do this would be to use a larger subnet on the first Phase 1 of the WAN.

i.e.

You have 3 networks:

192.168.100.0/24 A
192.168.101.0/24 B
192.168.102.0/24 C

So when you set up the phase 2 for A to B, on the B side you set the remote WAN to 192.168.0.0/16

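The two approaches in this thread (kitdavis's extra phase 2 per reachable subnet, and MLIT's single wide remote selector) are easy to get wrong when more than three sites are involved, so here is a small planner that lays out the phase 2 local/remote pairs each firewall needs for a hub-and-spoke layout and checks the summary-subnet shortcut. This is an added example, not code from the thread or from pfSense; the three /24s are the ones MLIT listed, the site letters and the "A is the hub" assumption follow the original question, and the tunnel labels are made up for readability.

```python
"""Plan IPsec phase 2 selectors for hub-and-spoke (spoke-to-spoke via the hub).

Added example, not from the thread or pfSense. Subnets below are the ones
MLIT used; hub choice and labels are assumptions for illustration.
"""
from ipaddress import ip_network

# Constructed sample: three sites, A is the hub (as in the original question).
SITES = {
    "A": ip_network("192.168.100.0/24"),
    "B": ip_network("192.168.101.0/24"),
    "C": ip_network("192.168.102.0/24"),
}
HUB = "A"


def phase2_entries(sites, hub):
    """Return {site: [(tunnel_label, local_net, remote_net), ...]}.

    For every spoke, the hub's tunnel to that spoke carries one phase 2 per
    network reachable through the hub (the hub LAN plus every other spoke),
    and the spoke carries the mirror image. This is kitdavis's approach
    generalised to any number of spokes.
    """
    plan = {site: [] for site in sites}
    for spoke in sites:
        if spoke == hub:
            continue
        for reachable in sites:
            if reachable == spoke:
                continue
            # Hub side: local = reachable network, remote = the spoke's LAN.
            plan[hub].append((f"to-{spoke}", sites[reachable], sites[spoke]))
            # Spoke side: local = its own LAN, remote = the reachable network.
            plan[spoke].append((f"to-{hub}", sites[spoke], sites[reachable]))
    return plan


def tightest_summary(nets):
    """Smallest single prefix that contains every network in `nets`.

    Widens the first network one prefix bit at a time until all fit, which
    gives a far narrower selector than a blanket /16.
    """
    nets = list(nets)
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def summary_check(remote_summary, own_local, others):
    """Evaluate MLIT's shortcut for one spoke.

    Returns (covers_all_other_sites, overlaps_own_lan). The second flag is the
    thing to look at before committing: a remote selector that also contains
    the spoke's own LAN is a configuration to review rather than accept blindly.
    """
    covers = all(n.subnet_of(remote_summary) for n in others)
    overlap = own_local.overlaps(remote_summary)
    return covers, overlap


if __name__ == "__main__":
    plan = phase2_entries(SITES, HUB)
    for site, entries in plan.items():
        print(f"{site}:")
        for label, local, remote in entries:
            print(f"  {label}: local {local} -> remote {remote}")

    summary = tightest_summary(SITES.values())
    print("tightest summary covering all sites:", summary)

    others = [SITES[s] for s in SITES if s != "B"]
    for candidate in (ip_network("192.168.0.0/16"), summary):
        covers, overlap = summary_check(candidate, SITES["B"], others)
        print(f"B remote {candidate}: covers others={covers}, overlaps own LAN={overlap}")
```

Run it as-is and the hub ends up with four phase 2 entries (two per spoke tunnel) while each spoke needs two, which matches what kitdavis described; the summary check shows that both 192.168.0.0/16 and the much tighter 192.168.100.0/22 cover every site, but both also contain site B's own LAN, which is the case to look at before using the shortcut.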
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.