    IPsec site to site and multiple networks

    IPsec
fmroeira86:

      Hi good people!

      I do not have any experience configuring IPSec tunnels.

From what I have read I understand that I must create as many Phase 2 entries as necessary to include non-summarizable networks.

Why does this have to be this way? Is this pfSense specific or just the way IPsec works?

      I saw some videos about fortinet and other vendors where it was only necessary to create routes.

      Thank you!

jimp (Rebel Alliance Developer, Netgate):

It's necessary in almost every IPsec device, but the methods are different.

Some define the Phase 2 networks as we do. Others define them using ACLs, policies, or "routes" of sorts. No matter what, you need to have a list of networks to allow on your side and IPsec destinations on the far side. Some try to automate or hide parts of it, but it makes diagnosing tunnel issues much more difficult than it needs to be.

        In the future it may be simplified somewhat by using aliases for Phase 2 networks, but that isn't possible yet.

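The point jimp makes above (each side of the tunnel needs an explicit list of networks, and networks that do not summarize into one aligned block each need their own Phase 2 entry) can be worked through with a short script. This is an added example, not code from pfSense or from anyone in the thread. The network lists are constructed sample input, and the function names (summarize, phase2_entries, overreach, matching_entry) are illustrative, not a vendor API. It shows three things a practitioner usually wants: how many Phase 2 entries a given set of subnets actually requires, how much unrelated address space a single wide summary would drag into the tunnel, and which entry (if any) a particular source/destination pair would match, which is the first thing to check when a tunnel is up but hosts cannot reach each other.

```python
"""Added example: derive IPsec Phase 2 (traffic selector) entries for a
site-to-site tunnel and check packet coverage. Illustrative code only;
not pfSense's or any vendor's implementation."""
import ipaddress
from itertools import product

# Constructed sample input: subnets behind each end of the tunnel.
LOCAL_NETS = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
REMOTE_NETS = ["192.168.10.0/24", "192.168.20.0/24"]


def summarize(nets):
    """Merge subnets into the fewest supernets that cover exactly the
    input. Only adjacent, properly aligned blocks merge (10.0.0.0/24 and
    10.0.1.0/24 become 10.0.0.0/23); nothing outside the input is added."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in nets))


def phase2_entries(local_nets, remote_nets):
    """One Phase 2 entry per (local, remote) pair after summarizing each
    side: the list a pfSense-style configuration has to contain."""
    pairs = product(summarize(local_nets), summarize(remote_nets))
    return [(str(local), str(remote)) for local, remote in pairs]


def overreach(summary, nets):
    """Address space a single wide summary would carry beyond the real
    networks, i.e. the cost of 'just use one big Phase 2' instead of
    several exact ones."""
    leftover = [ipaddress.ip_network(summary)]
    for net in (ipaddress.ip_network(x) for x in nets):
        remaining = []
        for block in leftover:
            if net.subnet_of(block):
                remaining.extend(block.address_exclude(net))  # carve net out
            elif block.subnet_of(net):
                continue  # block is entirely inside a real network
            else:
                remaining.append(block)
        leftover = remaining
    return [str(b) for b in ipaddress.collapse_addresses(leftover)]


def matching_entry(entries, src, dst):
    """Return the Phase 2 entry a packet src -> dst would use, or None.
    Traffic matching no entry follows the normal routing table instead
    of the tunnel, the usual cause of 'tunnel is up but hosts can't talk'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in entries:
        if src in ipaddress.ip_network(local) and dst in ipaddress.ip_network(remote):
            return (local, remote)
    return None


if __name__ == "__main__":
    entries = phase2_entries(LOCAL_NETS, REMOTE_NETS)
    for local, remote in entries:
        print(f"Phase 2: local {local} <-> remote {remote}")
    print("A single 10.0.0.0/22 would also carry:", overreach("10.0.0.0/22", LOCAL_NETS))
    print("10.0.1.7 -> 192.168.20.9 uses:", matching_entry(entries, "10.0.1.7", "192.168.20.9"))
    print("10.0.3.7 -> 192.168.20.9 uses:", matching_entry(entries, "10.0.3.7", "192.168.20.9"))
```

With the sample input, the three local /24s collapse to 10.0.0.0/23 plus 10.0.2.0/24 (the third block is not aligned with the first two), the remote side stays at two networks, and the tunnel needs four Phase 2 entries. Summarizing the local side to a single /22 instead would also send 10.0.3.0/24 into the tunnel, and a host in 10.0.3.0/24 matches no exact entry at all, which is exactly the kind of mismatch that is easy to spot when the selectors are listed explicitly and hard to spot when a vendor hides them.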