
Offline rayx

VPN Site to site IPSEC
« on: January 22, 2018, 12:45:00 am »
Hello, I want to make an IPsec site-to-site connection between 4 sites, and I want the 4 sites to see each other.
At the moment, the site-to-site tunnels between the server and the other sites work correctly, but sites B, C and D cannot see each other.

My question is, on the server side, should I add 3 VPN servers?
or do it in phase 2?
Or create 1 alone and configure it in some predefined way?

And on the client side, how do I see / configure the other sites?

Each has a range:
10.1.0.0/16 - HEADQUARTERS A - Server
10.2.0.0/16 - HEADQUARTERS B
10.3.0.0/16 - HEADQUARTERS C
10.4.0.0/16 - HEADQUARTERS D

Offline NogBadTheBad

Re: VPN Site to site IPSEC
« Reply #1 on: January 22, 2018, 10:36:16 am »
Wouldn't you create IPsec tunnels on all the routers going to all the other routers, then run FRR to look after the routing?

Offline Derelict

Re: VPN Site to site IPSEC
« Reply #2 on: January 22, 2018, 10:42:26 am »
Because the routing table has no effect on IPsec, FRR won't do you any good there.

You want to do it in your Phase 2s.

If a network should be reachable from a site, there should be a Phase 2 for it.

For instance, for the tunnels from A to B:

On A:
Local Network: 10.1.0.0/16, Remote Network: 10.2.0.0/16
Local Network: 10.3.0.0/16, Remote Network: 10.2.0.0/16
Local Network: 10.4.0.0/16, Remote Network: 10.2.0.0/16

On B:
Local Network: 10.2.0.0/16, Remote Network: 10.1.0.0/16
Local Network: 10.2.0.0/16, Remote Network: 10.3.0.0/16
Local Network: 10.2.0.0/16, Remote Network: 10.4.0.0/16

Etc.
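An added example, not code from the thread or from pfSense: it generates the full Phase 2 (traffic selector) list Derelict describes for all four sites, assuming A is the hub and B, C and D only have a tunnel to A, and then checks the two things that go wrong in practice: a site with no selector covering a destination (the poster's current situation) and a selector whose mirror image is missing on the peer.

```python
from itertools import permutations

# Constructed sample topology from the thread: A is the hub (server); B, C and D are
# spokes whose only tunnel goes to A.
HUB = "A"
SITES = {"A": "10.1.0.0/16", "B": "10.2.0.0/16", "C": "10.3.0.0/16", "D": "10.4.0.0/16"}

def phase2_entries(sites, hub):
    """{site: [(peer, local_net, remote_net), ...]} giving every site a path to every other.

    Each directed pair (src, dst) needs a Phase 2 selector src_net -> dst_net.  A spoke's
    only tunnel is to the hub, so all its entries name the hub; the hub in turn must list
    the other spokes' networks as its own local side on each spoke tunnel.
    """
    entries = {s: [] for s in sites}
    for src, dst in permutations(sites, 2):
        if src == hub:                     # hub LAN -> spoke LAN
            entries[hub].append((dst, sites[src], sites[dst]))
        elif dst == hub:                   # spoke LAN -> hub LAN
            entries[src].append((hub, sites[src], sites[dst]))
        else:                              # spoke -> spoke, hairpinned through the hub
            entries[src].append((hub, sites[src], sites[dst]))  # on the spoke
            entries[hub].append((dst, sites[src], sites[dst]))  # on the hub's tunnel to dst
    return entries

def hub_only_entries(sites, hub):
    """The poster's starting point: one Phase 2 per tunnel, hub LAN <-> spoke LAN only."""
    entries = {s: [] for s in sites}
    for spoke in (s for s in sites if s != hub):
        entries[hub].append((spoke, sites[hub], sites[spoke]))
        entries[spoke].append((hub, sites[spoke], sites[hub]))
    return entries

def unreachable_pairs(entries, sites):
    """Directed (src, dst) pairs where src has no selector covering src_net -> dst_net."""
    return sorted((src, dst) for src, dst in permutations(sites, 2)
                  if not any(loc == sites[src] and rem == sites[dst]
                             for _, loc, rem in entries[src]))

def mismatched_selectors(entries):
    """Entries whose peer lacks the mirror image (local/remote swapped), a classic cause of a Phase 2 that never establishes."""
    have = {(site, peer, loc, rem) for site, lst in entries.items() for peer, loc, rem in lst}
    return sorted(e for e in have if (e[1], e[0], e[3], e[2]) not in have)

if __name__ == "__main__":
    print("hub-only config cannot reach:", unreachable_pairs(hub_only_entries(SITES, HUB), SITES))
    full = phase2_entries(SITES, HUB)
    for site, lst in full.items():
        print(f"On {site}:", *(f"\n  to {p}: Local {l}, Remote {r}" for p, l, r in lst))
    print("selector mismatches in full config:", mismatched_selectors(full))
```

On pfSense the hub-side entries for another spoke's network are entered as Phase 2 "Local Network" of type Network with that spoke's address range, exactly as in the lists above; deleting one entry on either end and rerunning the mismatch check shows which peer entry is left without a partner.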