Netgate Discussion Forum

    Reachable network dependent on Phase 2 ordering

    IPsec
    • mix_room

      I have a mobile IPsec solution which was working fine on 2.2.3, but which now exhibits very peculiar behaviour.

      It is connected to three internal subnets:

      192.168.900.0/24 == (10.601.1.0/25,10.602.1.0/24 and 10.603.1.0/24)  [ networks edited for privacy reasons ]
      I can connect to the phase 1 connection properly without issues.

      But I can only reach the network that is "highest" in the GUI. If 10.601.1.0 is highest, I can reach that one, if 10.602.1.0 is highest, I can reach that one.

      I have not seen this behaviour before upgrading to 2.3.

      • dotdash

        If you are going to edit private network numbers, which I don't see the point of, don't use impossible numbers.

        • vin0x64

          I have a setup to reach 2 separate networks, and it works fine; I can reach the second one in the list.
          What do you see on the Status -> IPsec page when the tunnel is established?

          • cmb

            The raw output of 'ipsec statusall' would be helpful.
