IPSEC VPN problem



  • I have a problem with pfSense configuration.

    Background

    We have an office and two Data Centres, DC5 and DC3. The two Data Centres are connected via a private VLAN. Both Data Centres can see network card 2 of the pfSense box.

    The Data Centre pfSense has 3 network cards: 1 for the public IP, 1 for the local LAN, and 1 for the VLAN (the Data Centres can see the VLAN interface).

    Now, I want to be able to see the Data Centre VLAN from my local office.

    192.168.1.X is the local office
    192.168.50.254 is NIC 2 of the Data Centre pfSense (local office can see this network)
    192.168.14.254 is NIC 3 of the Data Centre pfSense (local office cannot see this network)

    Is there any reason why I would not be able to see the VLAN network?

    In the logs I see: ipsec_starter[37214]: configuration 'con1000' unrouted



  • I noticed the IPsec SPD only contains the first LAN IP address and not the second network interface.

    How would I get the IPsec to list both LAN interface IPs?



  • @uk26:

    How would I get the IPsec to list both LAN interface IPs?

    Add matching phase 2 entries.
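
    As an added illustration (not the original poster's configuration, and not the file pfSense writes from its GUI), this is what "matching phase 2 entries" look like in strongSwan ipsec.conf terms on the Data Centre side, one conn per phase 2 selector pair; the WAN addresses and identities are placeholders. The office side needs the mirror image: its own 192.168.1.0/24 as leftsubnet and each Data Centre subnet as rightsubnet, or its SPD will still only cover the first network.

```ini
# Constructed example: strongSwan ipsec.conf for the Data Centre pfSense.
# Placeholder addresses/identities are assumptions, not values from the thread.
config setup

# Phase 1 (IKE SA) settings shared by every phase 2 entry to the office.
conn dc-to-office-base
    keyexchange=ikev2
    left=%defaultroute              # Data Centre WAN (em0)
    leftid=@dc.example.net          # placeholder identity
    right=203.0.113.10              # placeholder office WAN address
    rightid=@office.example.net     # placeholder identity
    authby=secret
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256!
    auto=add

# Phase 2 #1: LAN (em1) 192.168.50.0/24 <-> office 192.168.1.0/24
# This is the only selector pair the thread's SPD contained.
conn con1000
    also=dc-to-office-base
    leftsubnet=192.168.50.0/24
    rightsubnet=192.168.1.0/24
    auto=start

# Phase 2 #2: VLAN (em2) 192.168.14.0/24 <-> office 192.168.1.0/24
# Without this second entry nothing installs an SPD entry for the VLAN,
# so office traffic to 192.168.14.0/24 is never selected for the tunnel.
conn con1001
    also=dc-to-office-base
    leftsubnet=192.168.14.0/24
    rightsubnet=192.168.1.0/24
    auto=start

# With IKEv2, strongSwan also accepts a comma-separated list in leftsubnet;
# the entries are kept separate here to mirror pfSense's one-phase-2-per-subnet model.
```

    After loading, each child SA and its traffic selectors should appear in `ipsec statusall`, and both subnet pairs should appear as policies in the SPD (Status > IPsec > SPD in pfSense); a subnet missing there has no phase 2 entry covering it.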



  • Already tried that.

    The only way I could get this to work was to remove EM1 (LAN 1) and move the Data Centre VLAN EM2 to LAN of the pfSense.

    It appears pfSense is not able to route IPsec to additional interfaces (OP1).

    Before that: EM0 = WAN, EM1 = LAN, EM2 = VLAN.

    Now I have EM0 = WAN, EM2 = LAN. I can now see all the hardware at the data centre from the office using private IPs.



  • @uk26:

    It appears pfSense is not able to route IPsec to additional interfaces (OP1).

    Of course you can; tens of thousands of people's networks, including our own, wouldn't work if that were true. There is some other difference between what you had and what you have now.

