Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
IPSEC Site to Site VPN
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSEC Site to Site VPN (Read 7211 times)
WallaceTechUK
Newbie
Posts: 7
Karma: 0
IPSEC Site to Site VPN
«
on:
September 19, 2017, 11:46:19 am »
Hi Guys.
Hope someone can push me in the right direction. I have two OpenSense servers at two separate locations. for example i have
Site A
Subnet 192.168.1.0
Subnet 192.168.2.0
Subnet 192.168.3.0
Site B
Subnet 192.168.4.0
Subnet 192.168.5.0
Subnet 192.168.6.0
Now i have followed the example in the Wiki see.
https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html?highlight=vpn
I can start the VPN and i can pass traffic from 192.168.1.0 to 192.168.4.0 back and forth. Is there something i am missing to allow multiple subnets to be used as part of Phase 2?
Please let me know if you require any more info from me.
Thanks in advance.
Logged
nicovell3
Newbie
Posts: 12
Karma: 0
Re: IPSEC Site to Site VPN
«
Reply #1 on:
September 19, 2017, 12:19:47 pm »
Hi,
At my company we have two phase2. You can have as many phases 2 for each phase 1 you want
Regards.
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: IPSEC Site to Site VPN
«
Reply #2 on:
September 19, 2017, 12:49:05 pm »
In IKEv2 mode, all Phase 2 entries are meshed together unless the tunnel isolation mode is set.
So nicovell3 is right, just add multiple Phase 2 entries to your Phase 1 and that's it.
You cloud also make the netmask wider, but it may clash with your general network layout: 192.168.0.0/16.
Cheers,
Franco
Logged
WallaceTechUK
Newbie
Posts: 7
Karma: 0
Re: IPSEC Site to Site VPN
«
Reply #3 on:
September 19, 2017, 01:44:27 pm »
Thanks for the replies chaps.
I have added multiple subnets to the Phase 2 but the issue i am facing is that none of them work apart from the subnet that the OpnSense servers are on.
Craig
Logged
WallaceTechUK
Newbie
Posts: 7
Karma: 0
Re: IPSEC Site to Site VPN
«
Reply #4 on:
September 19, 2017, 04:47:41 pm »
Ok, So i have this working.
On the Phase 2 setup. The Local Network was set to LAN Net as per the documentation. What i have done is change this from LAN Net to Network and specified the LAN Subnet.
Example
Local Network
Type = Network
Address = 192.168.1.0/24
Remote Network
Type = Network
Address = 192.168.4.0/24
I can now see both networks from both sides.
Thanks again for your time to reply earlier.
Logged
WallaceTechUK
Newbie
Posts: 7
Karma: 0
Re: IPSEC Site to Site VPN
«
Reply #5 on:
September 19, 2017, 05:28:52 pm »
Scrap the above message. I though this was working but its not.
Logged
WallaceTechUK
Newbie
Posts: 7
Karma: 0
Re: IPSEC Site to Site VPN
«
Reply #6 on:
September 19, 2017, 05:57:03 pm »
Ok. So i am half way there. I can ping from one side of the Tunnel but not the other.
Site A
Ping 192.168.4.0 Reply Timed Out from 192.168.1.0
Site B
Ping 192.168.1.0 Reply Received from 192.168.4.0
Any ideas? I have checked the config on both OpnSense servers and they are the same. I must be missing something as the Tunnel is up and can ping from one site.
Any ideas?
Logged
nicovell3
Newbie
Posts: 12
Karma: 0
Re: IPSEC Site to Site VPN
«
Reply #7 on:
September 19, 2017, 06:19:34 pm »
Hi,
Maybe you aren't allowing some part of the traffic? You could place a tcpdump on each enc0 interface (this is the ipsec interface) and see if every packet is being routed through the tunnel.
Good luck!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
IPSEC Site to Site VPN