Thank you for a clear and concise description of your problem.

Cheers
Jon

On Wed, 2017-05-03 at 09:48 -0400, Eleuterio Contracampo wrote:
> Thank you Jon. It works!
>
> -EC
>
> On Wed, May 3, 2017 at 6:48 AM, Jon Gerdes <[email protected]> wrote:
>
> > EC
> >
> > Add an additional Phase 2 entry on each set of tunnels:
> >
> > pf2 -> pf1 = tunnel A
> > pf2 -> pf3 = tunnel B
> >
> > Add a Phase 2 on tunnel A for local 192.168.40/24 to remote
> > 192.168.44/24
> >
> > Add a Phase 2 on tunnel B for local 192.168.44/24 to remote
> > 192.168.40/24
> >
> > Add firewall rules to taste.
> >
> > Cheers
> > Jon
> >
> >
> > On Tue, 2017-05-02 at 17:45 -0400, Eleuterio Contracampo wrote:
> > > Hello everyone,
> > >
> > > I have the following setup:
> > >
> > > PFsense1 (LAN1: 192.168.40.0/24)
> > > PFsense2 (LAN2: 192.168.41.0/24)
> > > PFSense3 (LAN3: 192.168.44.0/24)
> > >
> > > I've got two MPLS lines connecting PFSense2<->PFSense1<->PFSense3
> > > (PFSense1 is the center of the star topology). I use IPSec tunnels
> > > on top of MPLS links.
> > >
> > > I'm able to get from LAN1 to LAN2 and from LAN1 to LAN3 via IPSec
> > > tunnels.
> > >
> > > I need to make LAN2 and LAN3 visible to each other. Is it possible
> > > to do it via IPSec links?
> > >
> > > I've tried adding an additional Phase 2 entry at PFSense1 posing as
> > > if LAN3 were local, and adding the corresponding Phase 2 entry at
> > > PFSense2 to tell LAN2 to route packets destined to LAN3 via that
> > > newly added Phase 2 sub-tunnel against PFSense1. Packets do arrive
> > > at PFSense1 but don't progress any further despite having static
> > > routes indicating how to get to LAN3. I hope I'm clear about the
> > > problem.
> > >
> > > If it were not possible to do it via IPSec routing, is there any
> > > other solution different than NAT+static routes?
> > >
> > > Thanks in advance!
> > > -EC
> > > _______________________________________________
> > > pfSense mailing list
> > > https://lists.pfsense.org/mailman/listinfo/list
> > > Support the project with Gold! https://pfsense.org/gold
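
The following is an added example, not part of the original thread and not pfSense code. It models the hub-and-spoke setup with the LAN addresses from the original question, under the assumption that a packet enters a tunnel only when a Phase 2 selector (local net, remote net) matches it, and shows where a LAN2 to LAN3 packet stops in each configuration. The names `p2`, `trace`, `BASE`, `HALF` and `FULL` are hypothetical.

```python
from ipaddress import ip_address, ip_network

# LAN addresses as given in the original question (pf1 is the hub).
LANS = {"pf1": "192.168.40.0/24", "pf2": "192.168.41.0/24", "pf3": "192.168.44.0/24"}

def p2(a, a_net, b, b_net):
    """One Phase 2 pair: (owner, peer, local, remote) on a, plus its mirror on b."""
    return [(a, b, a_net, b_net), (b, a, b_net, a_net)]

# Constructed configurations (a simplified model, not exported pfSense config).
# BASE: only LAN1<->LAN2 and LAN1<->LAN3 selectors exist.
BASE = p2("pf1", LANS["pf1"], "pf2", LANS["pf2"]) + p2("pf1", LANS["pf1"], "pf3", LANS["pf3"])
# HALF: extra LAN2<->LAN3 selector on the pf1<->pf2 tunnel only.
HALF = BASE + p2("pf2", LANS["pf2"], "pf1", LANS["pf3"])
# FULL: matching LAN3<->LAN2 selector on the pf1<->pf3 tunnel as well.
FULL = HALF + p2("pf3", LANS["pf3"], "pf1", LANS["pf2"])

def trace(entries, fw, src, dst, max_hops=4):
    """Follow a packet hop by hop; return (path, verdict)."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    path = [fw]
    for _ in range(max_hops):
        if dst_ip in ip_network(LANS[fw]):
            return path, "delivered"
        # Assumption: only a Phase 2 selector owned by this firewall that
        # covers both source and destination sends the packet into a tunnel.
        nxt = next((peer for owner, peer, local, remote in entries
                    if owner == fw
                    and src_ip in ip_network(local)
                    and dst_ip in ip_network(remote)), None)
        if nxt is None:
            return path, "dropped at " + fw + ": no matching Phase 2"
        fw = nxt
        path.append(fw)
    return path, "dropped: hop limit"

if __name__ == "__main__":
    for name, cfg in (("BASE", BASE), ("HALF", HALF), ("FULL", FULL)):
        print(name, trace(cfg, "pf2", "192.168.41.10", "192.168.44.10"))
```

In this model the `HALF` case stops at the hub, because the hub has no selector on the second tunnel that covers LAN2 as source and LAN3 as destination.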
