-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Wade, hey all,
Subnets are: HQ: 212.14.xx.64/26 Branch 1: 10.3.3.0/28 Branch 2: 10.3.3.16/28 Branch 3: 10.3.3.32/28 E.g. at Branch 1 I've added a static route for 10.3.3.0/28 via 212.14.xx.65 . At the HQ's pfSense, all traffic from and to IPSec is permitted by only one rule. As others said, I should mesh all branches together, wouldn't be possible so easy. Only the HQ has a static IP on it's WAN interface, all the Branches don't have a static IP on WAN. Regards, Tim Wade Blackwell schrieb: > Hey Tim Good evening, > Can you add in some hypothetical subnetting with prefixes that > match the real thing? I know there is wierdness with how IPsec was > shoved into the PF stack but if the source/dest IPsec proxies are > correct the hub IPsec box should re-encrypt and send seeing the > destination networks as directly connected through the ENC0 interface > (PF team jump in if I am mis-speaking). > > Wade B > > On Dec 16, 2007 6:14 AM, Tim Korves <[EMAIL PROTECTED]> wrote: > Hi there, > > I'm facing problems while routing traffic trough an IPSec tunnel. > > This is my configuration: > > Branch 1 ---- pfSense IPSec server (HQ) ---- Branch 2 > | > | > Branch 3 > > All branches are running pfsense. All branches are able to "talk" to the > HQ. But the communication between the branches is not possible. I > created static routes on each branch pfsense which point to the other > branches' subnet via the HQ. But instead of using the tunnel to route > the packets, the branch routers trying to use their PPPoE connection > which fails on their ISPs first router (what a wonder ;-))... Anyone has > an idea how to realize this? Firewall rules permit every traffic via the > IPSec tunnels. Nothing's blocked. > > Regards, Tim >> - --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] >> >> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHZ3SYB5sXJ5cmuvMRAlDMAJ49vNsXzlopkzULnhg8S2BWvxExjgCg3NL5 4GCo121jl8NL6l21e54wsxo= =7xkZ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
