I have a site-to-site VPN tunnel up and running just fine with one phase 2 tunnel. I'm trying to add another Phase 2 tunnel, but for whatever reason, I can't get the 2 tunnels to work at the same time. If I disable Tunnel #1 and reconnect, Tunnel #2 works. If I re-enable Tunnel #1 and disable Tunnel #2, it works. When both Tunnels are enabled, only Tunnel #1 will work.
Both tunnels are on separate subnets.
Any help on what I can do next would be greatly appreciated.
Thank you.
Can you send us the anonymized logs?
Where would I find the logs to send?
Quote from: MikeA on November 18, 2015, 04:46:07 PM
Both tunnels are on separate subnets.
Are both sides the same hard/software running?
Many IPSec setups have problems with more than 1 phase-2 tunnel, but work fine with separate tunnels, i.e. 1 tunnel (with phase 1+2) for each subnet.
e.g.:
Site 1 with LAN 1 --- tunnel --- Site 2 with LAN 2
Site 1 with LAN 1 --- tunnel --- Site 2 with LAN 3
Site 1 with LAN 1 --- tunnel --- Site 2 with LAN 4 behind static route on LAN 2
Site 1 with LAN 1 --- tunnel --- Site 2 with LAN 5 behind static route on LAN 3
Actually not sure what the other side is running, but I can find out. This worked on both my Sonicwall and pfSense with no problems.
The tunnel shows that it's up and connected, just no traffic.
I'll gladly supply the logs if you point me in the direction of acquiring them.
Quote from: MikeA on November 18, 2015, 04:46:07 PM
I have a site to site vpn tunnel up and running just fine with one phase 2 tunnel. I'm trying to add another Phase 2 tunnel, but for whatever reason, I can't get the 2 tunnels to work at the same time.
This is a known issue which will be fixed with release 15.7.21 in a few days, see https://forum.opnsense.org/index.php?topic=1774.msg5552 for further details.
Regards
- Frank