On 2015-Apr-24, at 7:37 AM, Gregory K Shenaut <[email protected]> wrote:
> I have two pfSense boxes connected via an IPSEC tunnel.
>
> I'm confused about whether a route gets added automatically to the remote
> network end of an IPSEC tunnel when the tunnel comes up.
>
> <snip'd>
>
> However, currently the tunnel can be up, hosts in either remote subnet can
> ping each other, but the pfSense boxes themselves can't ping hosts in the
> remote subnet, including the LAN address of the other pfSense host to which
> they are connected.
>
> <snip'd>
>
> What could cause this situation, and what is the solution?
>
> Thanks for any suggestions.
>
> Greg Shenaut

I use multiple P2s to solve this kind of issue. See item 5 on
http://www.derman.com/blogs/IPSec-VPN-Firewall-Setup

Although it's talking about routing OpenVPN through IPsec, it's the same for IPsec through IPsec.

In our case, we have our "main site" connected to 2 other sites via always-on site-to-site IPsec VPNs as well as mobile IPsec VPN and mobile OpenVPN VPN, and each tunnel definition has multiple P2 entries that allow any of the multiple LANs to be accessed (subject to policy/rules). Works well for us. E.g., I can access the remote-sites' pfSense boxes or systems on one of the remote-sites' LANs when connected to the main site via OpenVPN from an iDevice.

We've been using this strategy since pfSense 2.1 and are now on v2.2.2.
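The reply above relies on one property of IPsec Phase 2 entries: a packet is only handed to the tunnel when its source and destination both fall inside some P2 selector pair, so a site with several LANs (or traffic the firewall originates from an address outside its LAN selector) needs one P2 per local/remote network pair. The following model, an added example that is not from the mailing-list post or from pfSense, makes that selector matching explicit and includes an audit helper that lists the pairs a configuration still lacks. All addresses are constructed lab values; the entry for the firewall's own WAN address rests on the assumption that self-generated traffic may be sourced from that address, which the post does not state.

```python
"""Phase 2 (traffic selector) coverage on an IPsec site-to-site tunnel.

Added example, not code from the mailing-list post or from pfSense.
Every address and network below is a constructed lab value.
"""
import ipaddress
from itertools import product
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network
P2 = Tuple[Net, Net]  # (local selector, remote selector), like a pfSense P2 entry


def p2(local: str, remote: str) -> P2:
    """Build one Phase 2 entry from two CIDR strings."""
    return (ipaddress.ip_network(local), ipaddress.ip_network(remote))


def select_p2(phase2: List[P2], src: str, dst: str) -> Optional[P2]:
    """Return the first P2 entry whose selectors cover the flow src -> dst.

    A flow that matches no entry is not handed to the tunnel at all; it is
    forwarded by the ordinary routing table instead (assumption: the IKE
    daemon installs SPD entries only for the configured selectors).
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for local, remote in phase2:
        if s in local and d in remote:
            return (local, remote)
    return None


def missing_p2(phase2: List[P2], local_nets: List[str],
               remote_nets: List[str]) -> List[Tuple[str, str]]:
    """Audit helper: list every (local, remote) network pair that no existing
    P2 entry fully covers, i.e. the entries still needed for a full mesh."""
    gaps = []
    for lo, rn in product(local_nets, remote_nets):
        lo_n, rn_n = ipaddress.ip_network(lo), ipaddress.ip_network(rn)
        if not any(lo_n.subnet_of(ls) and rn_n.subnet_of(rs) for ls, rs in phase2):
            gaps.append((lo, rn))
    return gaps


# Constructed topology:
#   main site:   LAN 10.1.0.0/24, its pfSense LAN address 10.1.0.1, WAN 198.51.100.10
#   remote site: LANs 10.2.0.0/24 and 10.3.0.0/24, its pfSense LAN address 10.2.0.1
SINGLE_P2 = [p2("10.1.0.0/24", "10.2.0.0/24")]

# One P2 per (local network, remote network) pair, as the post describes, plus
# an entry for the firewall's own WAN address (assumption: self-generated traffic
# from the firewall may be sourced from that address rather than from the LAN).
MULTI_P2 = [
    p2("10.1.0.0/24", "10.2.0.0/24"),
    p2("10.1.0.0/24", "10.3.0.0/24"),
    p2("198.51.100.10/32", "10.2.0.0/24"),
]

if __name__ == "__main__":
    for src, dst in [("10.1.0.5", "10.2.0.7"), ("10.1.0.5", "10.3.0.7"),
                     ("198.51.100.10", "10.2.0.1")]:
        print(src, "->", dst, "single P2:", select_p2(SINGLE_P2, src, dst),
              "| multi P2:", select_p2(MULTI_P2, src, dst))
    print("gaps in SINGLE_P2:",
          missing_p2(SINGLE_P2, ["10.1.0.0/24"], ["10.2.0.0/24", "10.3.0.0/24"]))
```

With only `SINGLE_P2`, a host on 10.1.0.0/24 reaches 10.2.0.0/24 but not the second remote LAN, and a packet the firewall sources from its WAN address matches nothing and never enters the tunnel; `MULTI_P2` covers all three cases, and `missing_p2` is the check to run before assuming a tunnel definition is complete.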
