1. Home
  2. pfSense® Software
  3. IPsec
  4. IPsec site to site and multiple networks

IPsec site to site and multiple networks

  • F

    Hi good people!

    I do not have any experience configuring IPSec tunnels.

    From what I have read I understand that I must create as many phase 2 as necessary to include non summariazable networks.

    Why does this have to be this way? Is this pfsense specific or just the way IPSec works?

    I saw some videos about fortinet and other vendors where it was only necessary to create routes.

    Thank you!

    0
  • jimp
    Rebel Alliance Developer Netgate

    It's necessary in most every IPsec device but the methods are different.

    Some define the Phase 2 networks as we do. Ethers define them using ACLs, policies, or "routes" of sorts – no matter what you need to have a list of networks to allow on your side and IPsec destinations on the far side. Some try to automate or hide parts of it, but it makes diagnosing tunnel issues much more difficult than it needs to be.

    In the future it may be simplified somewhat by using aliases for Phase 2 networks, but that isn't possible yet.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy