Sounds to me like a NAT Reflection issue

On Wed, Jan 20, 2010 at 5:51 PM, Oliver Hansen <[email protected]> wrote:

> On Wed, Jan 20, 2010 at 2:18 PM, Chris Buechler <[email protected]> wrote:
>
>> On Wed, Jan 20, 2010 at 2:55 PM, Oliver Hansen <[email protected]> wrote:
>>
>> --snip--
>>
>> > Just last week, I set up a second VPN tunnel between the two routers. This
>> > one has the destination subnet of 192.168.50.0/24 and now from the hub
>> > router we can reach that subnet but from the 192.168.2.0/24 still cannot
>> > reach it. My thinking was that the router with LAN and OPT1 would either
>> > route between the two subnets and if not, it would send data up one VPN
>> > connection because it was "interesting traffic" and then it would get sent
>> > back down the 2nd tunnel to the other subnet. Neither of these things is
>> > happening.
>>
>> That traffic is going out IPsec because IPsec always wins over
>> anything in the system routing table including other directly attached
>> networks (just how it works in the FreeBSD kernel). You either have to
>> not include that other local subnet within your remote IPsec
>> definition, or use OpenVPN which will work properly in that scenario.
>
> Thanks for the reply. I can understand that IPsec always wins but why if it
> is getting sent up the VPN tunnel does it not get sent back down the second
> VPN tunnel to the 192.168.50.0/24 subnet? Any of my other networks such as
> 192.168.3.0/24 can send traffic to the .50 network and receive replies. Is
> there something about having two IPsec VPNs between the same two boxes that
> causes this not to work?
>
> Example A: 192.168.3.0/24 -------------> 192.168.1.0/24 -------------> 192.168.50.0/24 = successful
> Example B: 192.168.2.0/24 -------------> 192.168.1.0/24 -----------X 192.168.50.0/24 = no success

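The "IPsec wins over the routing table" behaviour Chris describes, as an added toy model that is not part of the thread: the SPD is checked before the route lookup, so the spoke's LAN-to-OPT1 traffic in Example B goes up tunnel 1 whenever the tunnel's remote definition covers 192.168.50.0/24, and falls back to the directly attached OPT1 route once that subnet is excluded. The SPD contents (a 192.168.0.0/16 remote definition versus per-subnet ones) are assumptions for illustration.

```python
import ipaddress

# Constructed model of the FreeBSD/pfSense path decision: the IPsec SPD is
# consulted *before* the routing table, so a matching policy wins even over
# a directly attached network.

def select_path(spd, routes, src, dst):
    """Return 'ipsec:<tunnel>' if an SPD entry matches, else the longest-prefix route."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote, tunnel in spd:                   # 1) IPsec SPD first
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return f"ipsec:{tunnel}"
    best = None                                          # 2) then longest-prefix route
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return f"route:{best[1]}" if best else "drop"

# Spoke router from the thread: LAN 192.168.2.0/24 and OPT1 192.168.50.0/24 (constructed table)
SPOKE_ROUTES = [("192.168.2.0/24", "LAN"), ("192.168.50.0/24", "OPT1"), ("0.0.0.0/0", "WAN")]

# Assumed: tunnel 1's remote definition is a supernet that also covers the local OPT1 subnet.
SPD_BROAD = [("192.168.2.0/24", "192.168.0.0/16", "tunnel1")]

# The fix from the reply: do not include the local OPT1 subnet in the remote definition.
SPD_NARROW = [("192.168.2.0/24", "192.168.1.0/24", "tunnel1"),
              ("192.168.2.0/24", "192.168.3.0/24", "tunnel1")]

def example_b(spd):
    """Example B from the thread: a LAN host (192.168.2.0/24) talking to OPT1 (192.168.50.0/24)."""
    return select_path(spd, SPOKE_ROUTES, "192.168.2.10", "192.168.50.10")

if __name__ == "__main__":
    print("broad remote definition :", example_b(SPD_BROAD))    # ipsec:tunnel1 (goes up the VPN)
    print("narrow remote definition:", example_b(SPD_NARROW))   # route:OPT1 (delivered locally)
    print("hub traffic still tunneled:",
          select_path(SPD_NARROW, SPOKE_ROUTES, "192.168.2.10", "192.168.1.5"))  # ipsec:tunnel1
```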