t1n1wall

t1n1wall Support (English) => Feature Requests => Topic started by: tuaris on March 22, 2021, 06:51:54 PM

Title: Multiple Phase 2 Entries for IPSec Tunnels
Post by: tuaris on March 22, 2021, 06:51:54 PM
In case the title isn't self-explanatory, this allows you to use IPsec with multiple subnets. The diagram below explains this.

Without another phase 2 entry, hosts 192.168.7.123 and 10.8.8.2 are unable to communicate with each other, unless there was a way to tell t1n1wall to route traffic from 192.168.7.0/24 to 10.8.8.0/24 over the existing IPSec tunnel (which there isn't, and static routes don't work).

Additionally, some have suggested creating a 3rd IPSec tunnel using the same keys and endpoints, but with different subnets. That doesn't work either. It results in only one of the two tunnels working.

(http://venus.morante.net/downloads/unibia/other/Multipile-Phase-2-small.png)

The correct solution is to create a second phase 2 entry for the existing IPSec tunnel.

Title: Re: Multiple Phase 2 Entries for IPSec Tunnels
Post by: andywhite on April 07, 2021, 11:56:46 AM
Hi, is there a link to the diagram? I can't understand the request without it, I think.