Netgate Discussion Forum

    IPSEC VPN problem

    • uk26

      I have a problem with pfSense configuration.

      Background

      We have an office and two Data Centres. The two Data Centres (DC5 and DC3) are connected via a private VLAN. Both Data Centres can see Network Card 2 of the pfSense box.

      The Data Centre pfSense has 3 network cards: 1 for public IP, 1 for local LAN, and 1 for VLAN (the Data Centres can see the VLAN interface).

      Now, I want to be able to see the Data Centre VLAN from my local office.

      192.168.1.X is local Office
      192.168.50.254 is NIC 2 of Data Centre pfSense (Local Office can see this network)
      192.168.14.254 is NIC 3 of the Data Centre pfSense (Local Office cannot see this network)

      Is there any reason why I would not be able to see the VLAN network?

      In the logs I see: ipsec_starter[37214]: configuration 'con1000' unrouted

      • uk26

        I noticed the IPsec SPD only contains the first LAN IP address and not the second network interface.

        How would I get the IPsec to list both LAN interface IPs?

        • cmb

          @uk26:

          How would I get the IPsec to list both LAN interface IPs?

          Add matching phase 2 entries.

          • uk26

            Already tried that.

            The only way I could get this to work was to remove EM1 (LAN 1) and move the Data Centre VLAN EM2 to the LAN of the pfSense.

            It appears pfSense is not able to route IPsec to additional interfaces (OP1).

            Before that, EM0 = WAN, EM1 = LAN, EM2 = VLAN.

            Now I have EM0 = WAN, EM2 = LAN. I can now see all the hardware at the data centre from the office using private IPs.

            • cmb

              @uk26:

              It appears pfSense is not able to route IPsec to additional interfaces (OP1).

              Of course you can; tens of thousands of people's networks, including our own, wouldn't work if that were true. There is some other difference between what you had and what you have now.
