IPsec to identical remote subnets



  • Hi,

    I have a pfSense 2.1.4 box with IPsec tunnels to two remote Amazon Virtual Private Cloud VPNs. Each Amazon VPN has two tunnels, so I have a total of 2 sets, 4 tunnels. The tunnels work well, but I can only get one set of tunnels to work at a time, since these two remote subnets are identical, 10.0.0.0/16 to be precise. I believe I need to have some NAT to differentiate the two sets. For example, from my LAN outgoing, 172.168.0.0/16 would point to the first VPN, and 172.169.0.0/16 to the second VPN.

    I tried the NAT/BINAT option in phase 2 of the IPsec, but that did not work, as I believe the NAT there is for the remote network to access my LAN. So that NAT is on my own LAN. What I need is a NAT on the remote network.

    Is this possible? What should I do to accomplish this?

    I understand that if I could change the remote subnet of one VPC, I might be able to resolve this issue. But I don't have control over that.

    Thanks a lot for your help!

    Frank
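    To make the selector conflict in the question concrete, here is an added example that is not part of the original thread and is not pfSense or AWS code. It simulates an ordered IPsec SPD lookup: with two phase 2 entries that both carry 10.0.0.0/16 as the remote selector, the first entry always wins and the second tunnel can never be selected. It then shows what a per-tunnel translation of the remote side would have to do: the LAN addresses each VPC by a distinct alias prefix, the policy lookup matches on the alias, and the destination is rewritten into the real 10.0.0.0/16 before the packet enters the tunnel, with the reverse mapping applied on the way back. The LAN prefix 192.168.1.0/24, the alias prefixes 172.16.0.0/16 and 172.17.0.0/16 (RFC 1918 ranges, in place of the 172.168/172.169 ranges in the post), and the tunnel names vpc-a and vpc-b are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str                      # tunnel this phase 2 entry belongs to
    local: ipaddress.IPv4Network   # local (LAN-side) traffic selector
    remote: ipaddress.IPv4Network  # remote traffic selector


# Assumed addressing for the example (constructed, not from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
VPC = ipaddress.ip_network("10.0.0.0/16")   # both VPCs use this range

# Phase 2 entries as the question describes them: identical remote selectors.
OVERLAPPING = [
    Policy("vpc-a", LAN, VPC),
    Policy("vpc-b", LAN, VPC),
]


def select_tunnel(policies, src, dst):
    """Ordered SPD lookup: the first policy whose selectors match wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if src in p.local and dst in p.remote:
            return p.name
    return None


def reachable_tunnels(policies, src, dst):
    """Which tunnels can ever be chosen for this flow under ordered lookup."""
    chosen = select_tunnel(policies, src, dst)
    return set() if chosen is None else {chosen}


# Assumed per-tunnel alias prefixes the LAN uses to address each VPC.
ALIASES = {
    "vpc-a": ipaddress.ip_network("172.16.0.0/16"),
    "vpc-b": ipaddress.ip_network("172.17.0.0/16"),
}

# Policies keyed on the alias instead of the real VPC range: no overlap.
ALIASED = [Policy(name, LAN, net) for name, net in ALIASES.items()]


def translate(addr, from_net, to_net):
    """1:1 prefix translation: keep the host offset, swap the network part."""
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("prefix lengths must match for 1:1 translation")
    a = ipaddress.ip_address(addr)
    if a not in from_net:
        raise ValueError(f"{a} is not inside {from_net}")
    offset = int(a) - int(from_net.network_address)
    return ipaddress.ip_address(int(to_net.network_address) + offset)


def route_outbound(src, dst):
    """LAN -> VPC: pick the tunnel by alias, then rewrite dst into 10.0.0.0/16.

    Returns (tunnel, translated_dst) or None if no policy matches.
    """
    tunnel = select_tunnel(ALIASED, src, dst)
    if tunnel is None:
        return None
    return tunnel, str(translate(dst, ALIASES[tunnel], VPC))


def route_inbound(tunnel, src):
    """VPC -> LAN: map the real 10.0.0.0/16 source back to the tunnel's alias."""
    return str(translate(src, VPC, ALIASES[tunnel]))


if __name__ == "__main__":
    # With overlapping selectors only vpc-a is ever reachable.
    print(reachable_tunnels(OVERLAPPING, "192.168.1.10", "10.0.1.5"))
    # With aliases each VPC is addressable and the dst is rewritten per tunnel.
    print(route_outbound("192.168.1.10", "172.16.1.5"))
    print(route_outbound("192.168.1.10", "172.17.1.5"))
    print(route_inbound("vpc-b", "10.0.1.5"))
```

The simulation deliberately stops at the selector and address-rewrite logic; it says nothing about whether a given firewall can hook the translation between its SPD lookup and encapsulation, which is exactly the point the reply below addresses for pfSense 2.1.4.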


  • Rebel Alliance Developer Netgate

    It's not currently possible. You may only have one enabled at a time.