Routing from A to B to C using IPsec tunnels
Norsak last edited by
I currently have 3 sites connected via IPsec and pfSense: A, B, C.
In total there will be 9 sites, so I want to use B as a hub.
A has IPsec to B
C has IPsec to B
B & A can ping each other
B & C can ping each other
A cannot ping C
Tried setting manual routes on A for C's subnet, and on C for A's subnet
Tried adding a second Phase 2 configuration on A for C's subnet, and vice versa
But I did not stumble onto a working solution.
What is the correct approach?
Thanks in advance
ltctech last edited by
Assuming that A, B, and C are all running pfSense it's relatively straightforward.
Router A -> 10.10.0.0/24
Router B -> 10.20.0.0/24
Router C -> 10.30.0.0/24
Phase 1 on A heading to B has two child Phase 2
1. 10.10.0.0/24 -> 10.20.0.0/24
2. 10.10.0.0/24 -> 10.30.0.0/24
Phase 1 on B heading to A has two child Phase 2
1. 10.20.0.0/24 -> 10.10.0.0/24
2. 10.30.0.0/24 -> 10.10.0.0/24 (C -> A Transit)
Phase 1 on B heading to C has two child Phase 2
1. 10.20.0.0/24 -> 10.30.0.0/24
2. 10.10.0.0/24 -> 10.30.0.0/24 (A -> C Transit)
Phase 1 on C heading to B has two child Phase 2
1. 10.30.0.0/24 -> 10.20.0.0/24
2. 10.30.0.0/24 -> 10.10.0.0/24
Also make sure that under Firewall -> Rules -> IPsec you pass IPsec traffic for anything (all asterisks in all columns) on all routers. After getting the tunnels up, you can make finer-grained rules if you want.
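
The Phase 2 layout from the answer above, generalized to one hub with any number of spokes, as an added example that is not part of the original posts. The function names are hypothetical; the subnets for A, B and C are the ones used in the answer. It also checks that every selector has a mirrored entry on the peer and that no two site subnets overlap.

```python
# Added example: derive the Phase 2 (local -> remote) selectors for a
# hub-and-spoke IPsec layout like the one in the answer above.
from ipaddress import ip_network

def phase2_plan(hub, spokes):
    """Return {(router, peer): [(local, remote), ...]} for every tunnel end.

    hub    -- (name, subnet) of the hub site
    spokes -- {name: subnet} of the spoke sites
    """
    hub_name, hub_net = hub[0], ip_network(hub[1])
    nets = {n: ip_network(s) for n, s in spokes.items()}
    plan = {}
    for spoke, net in nets.items():
        others = [o for n, o in nets.items() if n != spoke]
        # Spoke side: its own LAN to the hub LAN and to every other spoke LAN.
        plan[(spoke, hub_name)] = [(net, hub_net)] + [(net, o) for o in others]
        # Hub side: hub LAN plus every other spoke LAN (transit) to this spoke.
        plan[(hub_name, spoke)] = [(hub_net, net)] + [(o, net) for o in others]
    return plan

def mismatched(plan):
    """Selectors with no mirrored (remote -> local) entry on the peer."""
    bad = []
    for (router, peer), entries in plan.items():
        mirror = set(plan.get((peer, router), []))
        bad += [(router, peer, loc, rem) for loc, rem in entries
                if (rem, loc) not in mirror]
    return bad

def overlapping(hub, spokes):
    """Pairs of sites whose subnets overlap; selectors would be ambiguous."""
    sites = [(hub[0], ip_network(hub[1]))]
    sites += [(n, ip_network(s)) for n, s in spokes.items()]
    return [(a, b) for i, (a, x) in enumerate(sites)
            for b, y in sites[i + 1:] if x.overlaps(y)]

if __name__ == "__main__":
    hub = ("B", "10.20.0.0/24")                      # from the answer
    spokes = {"A": "10.10.0.0/24", "C": "10.30.0.0/24"}  # from the answer
    assert not overlapping(hub, spokes)
    plan = phase2_plan(hub, spokes)
    assert not mismatched(plan)
    for (router, peer), entries in plan.items():
        print(f"Phase 1 on {router} heading to {peer}:")
        for i, (loc, rem) in enumerate(entries, 1):
            print(f"  {i}. {loc} -> {rem}")
```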