Hey Tim Good evening,
Can you add in some hypothetical subnetting with prefixes that
match the real thing? I know there is wierdness with how IPsec was
shoved into the PF stack but if the source/dest IPsec proxies are
correct the hub IPsec box should re-encrypt and send seeing the
destination networks as directly connected through the ENC0 interface
(PF team jump in if I am mis-speaking).
Wade B
On Dec 16, 2007 6:14 AM, Tim Korves <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi there,
>
> I'm facing problems while routing traffic trough an IPSec tunnel.
>
> This is my configuration:
>
> Branch 1 ---- pfSense IPSec server (HQ) ---- Branch 2
> |
> |
> Branch 3
>
> All branches are running pfsense. All branches are able to "talk" to the
> HQ. But the communication between the branches is not possible. I
> created static routes on each branch pfsense which point to the other
> branches' subnet via the HQ. But instead of using the tunnel to route
> the packets, the branch routers trying to use their PPPoE connection
> which fails on their ISPs first router (what a wonder ;-))... Anyone has
> an idea how to realize this? Firewall rules permit every traffic via the
> IPSec tunnels. Nothing's blocked.
>
> Regards, Tim
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHZTLhB5sXJ5cmuvMRApBLAJ4uyP7zHaUJiNCKC3G4fuNqHLWQPQCfTIgP
> qEDmSFczhwcEKUEtG3TaFEE=
> =wBe2
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Wade Blackwell
"Integrity is often more painful and always more profitable than
perception management"
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
