OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: DaveA67 on March 15, 2018, 12:46:31 pm

Title: Multiple local subnets over IPSec VPN
Post by: DaveA67 on March 15, 2018, 12:46:31 pm
Hi
Struggling with this one, not sure if it's possible!

I have a local site with a Draytek router. This router makes an IPSec VPN to virtual Opnsense firewall in the cloud.
The Draytek has 2 local subnets, for example 192.168.1.0/24 and 192.168.2.0/24
The subnet in the cloud is 192.168.3.0/24.

I can set up the VPN no problem with the LAN subnet 192.168.1.0 however traffic from the 192.168.2.0 subnet, which does go up the tunnel, is not being returned, probably as there is no policy for the 192.168.2.0 subnet.

The Draytek cannot create multiple Phase 2 policies for a single connection as far as I can tell.

Is there a way for Opnsense to recognise the additional local LAN subnet?

many thanks!
Title: Re: Multiple local subnets over IPSec VPN
Post by: Dankert on March 20, 2018, 10:38:45 pm
https://www.draytek.com/en/faq/faq-vpn/vpn.others/how-to-create-phase2-sa-for-multiple-subnets/
Here's the how-to for multiple Phase2 on a Draytek router.

We've tested this more than 1 year ago, it wasn't very stable at that time. Good luck!
Title: Re: Multiple local subnets over IPSec VPN
Post by: DaveA67 on March 21, 2018, 11:44:16 am
Hi

Thanks for the reply.
The setup we have is the other way around though: we have 2 subnets on the Draytek rather than the other end. The Draytek will route traffic from the second LAN to the VPN tunnel but will not create the Phase 2.
Am I correct in thinking that Opnsense must have a phase 2 for the second LAN before it will accept the traffic?

Cheers!
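To make the behaviour discussed in this thread concrete, the following added example (not code from the thread, OPNsense or Draytek) models the IPsec security policy lookup that decides whether a packet is sent into a tunnel. Each Phase 2 (child SA) is a pair of traffic selectors; a packet is only encapsulated when its source and destination both fall inside one pair, otherwise it follows the normal routing table in the clear. With a single Phase 2 for 192.168.3.0/24 <-> 192.168.1.0/24, replies from the cloud to 192.168.2.x match nothing, which is exactly the "goes up the tunnel but never comes back" symptom. The example goes slightly beyond the thread by also checking that a candidate supernet selector does not overlap the cloud subnet, since with these addresses the obvious 192.168.0.0/22 would. All addresses below are the ones posted in the thread; the policy lists are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPv4Network = ipaddress.IPv4Network


@dataclass(frozen=True)
class Phase2Policy:
    """One IPsec Phase 2 traffic-selector pair, seen from the OPNsense (cloud) side.

    local_ts  = network behind OPNsense, remote_ts = network behind the Draytek.
    """
    local_ts: IPv4Network
    remote_ts: IPv4Network


def policy(local: str, remote: str) -> Phase2Policy:
    """Build a Phase2Policy from two CIDR strings (strict: host bits must be zero)."""
    return Phase2Policy(ipaddress.ip_network(local), ipaddress.ip_network(remote))


def outbound_policy(policies: List[Phase2Policy], src: str, dst: str) -> Optional[Phase2Policy]:
    """Simplified SPD lookup for a packet leaving the cloud side.

    Returns the first policy whose selectors cover (src, dst), or None when the
    packet would not be protected and would instead follow the plain routing table.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if s in p.local_ts and d in p.remote_ts:
            return p
    return None


def forwarding_decision(policies: List[Phase2Policy], src: str, dst: str) -> str:
    """Human-readable outcome of the lookup: 'tunnel' or 'cleartext-default-route'."""
    return "tunnel" if outbound_policy(policies, src, dst) else "cleartext-default-route"


def unreachable_remote_subnets(policies: List[Phase2Policy], remote_subnets: List[str]) -> List[str]:
    """List the Draytek-side subnets that no Phase 2 selector fully covers.

    This is the diagnostic check for the symptom in the thread: a subnet listed
    here can send into the tunnel, but replies to it will never be encapsulated.
    """
    missing = []
    for cidr in remote_subnets:
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(p.remote_ts) for p in policies):
            missing.append(cidr)
    return missing


def selectors_overlap(p: Phase2Policy) -> bool:
    """True when local and remote selectors overlap, which makes the policy ambiguous.

    Relevant when trying to cover several remote /24s with one supernet: with the
    thread's addressing, 192.168.0.0/22 would swallow the cloud's own 192.168.3.0/24.
    """
    return p.local_ts.overlaps(p.remote_ts)


# Constructed scenarios using the subnets from the thread.
CLOUD = "192.168.3.0/24"
DRAYTEK_LANS = ["192.168.1.0/24", "192.168.2.0/24"]

# Scenario A: the poster's current state, one Phase 2 for the first LAN only.
SINGLE_PHASE2 = [policy(CLOUD, "192.168.1.0/24")]

# Scenario B: a second Phase 2 added for the second LAN.
TWO_PHASE2 = [policy(CLOUD, "192.168.1.0/24"), policy(CLOUD, "192.168.2.0/24")]


if __name__ == "__main__":
    for name, pols in (("single Phase 2", SINGLE_PHASE2), ("two Phase 2", TWO_PHASE2)):
        print(f"{name}: reply 192.168.3.10 -> 192.168.2.10 goes via",
              forwarding_decision(pols, "192.168.3.10", "192.168.2.10"))
        print(f"{name}: uncovered Draytek LANs:", unreachable_remote_subnets(pols, DRAYTEK_LANS))
    print("192.168.0.0/22 supernet overlaps cloud subnet:",
          selectors_overlap(policy(CLOUD, "192.168.0.0/22")))
```

Running the script prints that replies to 192.168.2.10 leave via the default route in scenario A and via the tunnel in scenario B, and that 192.168.2.0/24 is the uncovered subnet in scenario A, which is the check to run mentally against any site-to-site setup where a second LAN "sends but never receives".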