Routing from A to B to C using IPsec tunnels
-
Hi,
I currently have 3 sites connected via IPsec and pfSense: A,B,C
In total there will be 9 sites, so want to use B as a hub.
So:
A has IPsec to B
C has IPsec to B
B & A can ping each other
B & C can ping each other
But…
A cannot ping C
I have:
tried setting manual routes on A for C's subnet; and on C for A's subnet
tried adding a second Phase 2 configuration on A for C's subnet; and vice versa
But I did not stumble onto a working solution.
What is the correct approach?
Thanks in advance
-
Assuming that A, B, and C are all running pfSense it's relatively straightforward.
Example LANs:
Router A -> 10.10.0.0/24
Router B -> 10.20.0.0/24
Router C -> 10.30.0.0/24

Router A
---------
Phase 1 on A heading to B has two child Phase 2
1. 10.10.0.0/24 -> 10.20.0.0/24
2. 10.10.0.0/24 -> 10.30.0.0/24

Router B (B must know what to do with transiting traffic, this is probably what you're missing)
---------
Phase 1 on B heading to A has two child Phase 2
1. 10.20.0.0/24 -> 10.10.0.0/24
2. 10.30.0.0/24 -> 10.10.0.0/24 (C -> A Transit)
Phase 1 on B heading to C has two child Phase 2
1. 10.20.0.0/24 -> 10.30.0.0/24
2. 10.10.0.0/24 -> 10.30.0.0/24 (A -> C Transit)

Router C
---------
Phase 1 on C heading to B has two child Phase 2
1. 10.30.0.0/24 -> 10.20.0.0/24
2. 10.30.0.0/24 -> 10.10.0.0/24

Also make sure that under Firewall -> Rules -> IPsec you pass IPsec traffic for anything (all asterisks in all columns) on all routers. After getting the tunnels up you can make finer grained rules if you want.
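The Phase 2 table in the answer above, turned into a small model so it can be checked and scaled to the nine-site hub. This is an added example, not code from the thread or from pfSense: it generates the (local, remote) traffic selectors every router needs on its tunnel to each peer, then "pings" between LANs by checking that each tunnel hop has a matching selector on the egress side and the mirrored selector on the ingress side, which is how policy-based IPsec decides whether a packet belongs in an SA at all (this is also why a manual route on A or C does nothing by itself). The site names, subnets and the hub choice are the answer's; the function names and the two-hop spoke-to-spoke path model are assumptions of the example.

```python
import ipaddress
from itertools import permutations

# Constructed example topology mirroring the answer: B is the hub, A and C are spokes.
SITES = {"A": "10.10.0.0/24", "B": "10.20.0.0/24", "C": "10.30.0.0/24"}
HUB = "B"


def phase2_entries(sites, hub, transit=True):
    """Build the Phase 2 (child SA) traffic selectors for every router.

    Returns {router: {peer: [(local_subnet, remote_subnet), ...]}}.  Every spoke
    has exactly one Phase 1 to the hub.  With transit=True the hub's tunnel to
    each spoke also carries selectors for every other spoke's subnet, and each
    spoke's tunnel carries selectors for every other site; with transit=False
    only the direct hub<->spoke selector exists, which is the broken state
    described in the question.
    """
    spokes = [s for s in sites if s != hub]
    entries = {s: {} for s in sites}
    for sp in spokes:
        remotes = [hub] + ([o for o in spokes if o != sp] if transit else [])
        # Spoke side: local is always the spoke's own LAN.
        entries[sp][hub] = [(sites[sp], sites[r]) for r in remotes]
        # Hub side is the mirror image; the transit rows have another spoke's LAN as "local".
        entries[hub][sp] = [(sites[r], sites[sp]) for r in remotes]
    return entries


def _covered(selectors, src, dst):
    """True if some (local, remote) selector encloses the src -> dst flow."""
    src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    return any(
        src_net.subnet_of(ipaddress.ip_network(local))
        and dst_net.subnet_of(ipaddress.ip_network(remote))
        for local, remote in selectors
    )


def can_reach(entries, sites, hub, src, dst):
    """Model a ping from the src site's LAN to the dst site's LAN.

    Spoke-to-spoke traffic traverses two tunnels (src<->hub, hub<->dst).  On each
    hop the egress router needs a selector matching src->dst on that tunnel and
    the ingress router needs the mirrored dst->src selector; otherwise the packet
    has no IPsec policy to match (or the reply has no SA) and is dropped.
    """
    hops = [(src, dst)] if hub in (src, dst) else [(src, hub), (hub, dst)]
    for a, b in hops:
        out_ok = _covered(entries[a].get(b, []), sites[src], sites[dst])
        in_ok = _covered(entries[b].get(a, []), sites[dst], sites[src])
        if not (out_ok and in_ok):
            return False
    return True


def unreachable_pairs(sites, hub, transit=True):
    """All ordered (src, dst) site pairs that cannot ping each other."""
    entries = phase2_entries(sites, hub, transit)
    return sorted(p for p in permutations(sites, 2)
                  if not can_reach(entries, sites, hub, *p))


if __name__ == "__main__":
    for transit in (False, True):
        print(f"transit selectors on hub: {transit}")
        for router, peers in phase2_entries(SITES, HUB, transit).items():
            for peer, sels in peers.items():
                rows = ", ".join(f"{l} -> {r}" for l, r in sels)
                print(f"  {router} tunnel to {peer}: {rows}")
        print("  unreachable:", unreachable_pairs(SITES, HUB, transit) or "none")
```

With `transit=False` the model reports exactly the symptom in the question (A and C cannot reach each other while both reach B); with `transit=True` it reproduces the answer's six Phase 2 rows and every pair is reachable. Passing a nine-entry `sites` dict shows the cost of the hub design: the hub's tunnel to each spoke carries one selector per other site, so with N sites the hub ends up with (N-1)^2 Phase 2 entries, and each spoke with N-1.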