On 3/29/07, Vaughn L. Reid III <[EMAIL PROTECTED]> wrote:
> I'm using the 3-27 snapshot on the pfSense box.
>
> I've searched both the forum and the mailing list archives, and I can't
> seem to find an updated listing of how to get IPSEC to work over an OPT
> interface as well as over WAN at the same time.
>
> Here's what I want to do:
>
> I have several remote sites that use one of two companies for their
> Internet access.  Our main office also has Internet access through these
> two ISPs.  I want to configure the tunnels that have Internet access
> through ISP A to use our ISP A connection, which is WAN, and those that
> have ISP B, which is our OPT1, to use ISP B's interface on the pfSense
> box for IPSEC VPNs.
>
> I can get all of the VPN connections to work properly if they all use
> the WAN interface, but this adds about 5 hops and 50 milliseconds to
> the round trip for those remotes that use ISP B.
>
> Here's what I tried without success:
> On the pfSense box, I changed the existing working configurations for
> the desired VPN tunnels to use the OPT interface.  I then saved my
> changed settings and clicked the Apply button.  At the desired remote
> sites, I changed the remote Gateway IP on their (previously working when
> using WAN) existing VPN tunnel configurations to use the OPT interface's
> IP address.  After doing this, I rebooted both the pfSense box and the
> remote router.  Also, the IPSEC interface has the default rule to allow
> all connections and all traffic.
>
> Both the pfSense machine and the remote sites have static IPs for their
> Internet connections.  The remote sites are using Linksys RV series
> firewalls.  The DSL router at the main site for the OPT interface is a
> Netopia 3500 and it is set to bridge mode so that the OPT interface has
> a real public IP.

Please post the IPSEC logs from the pfSense box.

Scott
