IPSEC with 3 sites and routing between them
-
Hi,
I have 3 sites A, B and C
Site A is the primary site and Site B / Site C are branch offices. There are IPSEC tunnels between A and B and between A and C and all works well.
I need to be able to route traffic between B and C through A but I can't seem to be able to do this with static routes.
Has anyone achieved this and could you give some pointers?
Thanks.
-
I just dealt with something rather similar.
Look for the tutorial on how to send all traffic to the internet via a VPN connection. Using those directions create a second phase 2 connection between A and B that uses C's subnet and between A and C that uses B's subnet. You will also have to create manual outbound routing information for those connections.
Of course the easiest approach would be to build a tunnel directly between B and C.
-
Thanks for that, but I had already tried adding a second phase 2 before I hit the forums.
Problem is that when I add the second phase 2 to site A it doesn't seem to recognize the site C subnet and won't allow me to connect the VPN. I get no little arrow to connect it.
Is there a way around this that you know of?
Cheers.
-
Anyone any idea why I can't add a second Phase 2 for Site B and C?
-
I've tried everything I can think of but no way can I get this to work.
No matter what I do I can't get a second phase 2 to come up when it uses a subnet that doesn't directly exist on a WAN or LAN interface. Is this a bug in pfSense 2.1 or am I doing something stupid?
Please can someone help, I really need to get this working.
-
Hi craggy,
Just curious why you can't create an IPSec tunnel between B and C.
Can you explain?
-
@craggy:
I've tried everything I can think of but no way can I get this to work.
No matter what I do I can't get a second phase 2 to come up when it uses a subnet that doesn't directly exist on a WAN or LAN interface. Is this a bug in pfSense 2.1 or am I doing something stupid?
Please can someone help, I really need to get this working.
Another way to do this would be to use a larger subnet on the first Phase 1 of the WAN.
I.E.
You have 3 networks:
192.168.100.0/24 A
192.168.101.0/24 B
192.168.102.0/24 C
So when you set up the phase 2 for A to B, on the B side you set the remote WAN to 192.168.0.0/16
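Added example, not part of any post in this thread: a simplified model of phase 2 selector matching that traces a B-to-C packet under the original hub-only setup, the extra phase 2 entries suggested earlier, and the wider remote network suggested in the last post. The addresses are the ones listed above; the host IPs, the mirrored 192.168.0.0/16 local selector on A, and the `covering_supernet` helper (which goes beyond the thread by computing the tightest network covering all three sites) are assumptions.

```python
import ipaddress as ip

# Site LANs as listed in the thread.
SITES = {"A": "192.168.100.0/24", "B": "192.168.101.0/24", "C": "192.168.102.0/24"}

def covering_supernet(cidrs):
    """Smallest single network that contains every network in cidrs."""
    nets = [ip.ip_network(c) for c in cidrs]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return str(candidate)

def next_hop(policies, src, dst):
    """Peer of the first phase 2 whose (local, remote) selectors cover src -> dst."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for peer, local, remote in policies:
        if s in ip.ip_network(local) and d in ip.ip_network(remote):
            return peer
    return None

def path(config, start, src, dst):
    """Walk the packet from gateway to gateway until it reaches the destination LAN."""
    hops, site = [start], start
    while ip.ip_address(dst) not in ip.ip_network(SITES[site]):
        site = next_hop(config[site], src, dst)
        if site is None or site in hops:
            return hops + ["no-tunnel"]  # no selector matched (or a loop): never reaches dst
        hops.append(site)
    return hops

A, B, C = SITES["A"], SITES["B"], SITES["C"]
WIDE = "192.168.0.0/16"  # the wider network from the last post

# Each entry: (peer, local selector, remote selector). Both ends must mirror each other.
HUB_ONLY = {"A": [("B", A, B), ("C", A, C)], "B": [("A", B, A)], "C": [("A", C, A)]}
EXTRA_P2 = {"A": [("B", A, B), ("B", C, B), ("C", A, C), ("C", B, C)],
            "B": [("A", B, A), ("A", B, C)],
            "C": [("A", C, A), ("A", C, B)]}
SUPERNET = {"A": [("B", WIDE, B), ("C", WIDE, C)], "B": [("A", B, WIDE)], "C": [("A", C, WIDE)]}

if __name__ == "__main__":
    # Constructed host addresses, one per branch LAN.
    for name, cfg in [("hub only", HUB_ONLY), ("extra phase 2", EXTRA_P2), ("supernet", SUPERNET)]:
        print(name, path(cfg, "B", "192.168.101.10", "192.168.102.10"),
              path(cfg, "C", "192.168.102.10", "192.168.101.10"))
    print("tightest covering network:", covering_supernet(SITES.values()))
```

A selector narrower than 192.168.0.0/16 keeps unrelated 192.168.x.x ranges out of the tunnel policy, which is why the helper reports the tightest covering network for these three LANs.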