Re: [pfSense Support] Ipsec over LAN
On Tue, Oct 14, 2008 at 2:46 PM, BSD Wiz [EMAIL PROTECTED] wrote: With 1.2 is it possible to connect to pfsense boxes on the same subnet via an ipsec tunnel? Both boxes wan interfaces are private ip's. No, need different subnets. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Ipsec over LAN
On Tue, Oct 14, 2008 at 2:59 PM, BSD Wiz [EMAIL PROTECTED] wrote: To be clear, both boxes lans are different subnet of course but the WANs are on the same subnets. That might work. Give it a shot. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Ipsec over LAN
So your saying that the wan interfaces on the boxes need diff subnets? -Phil G On Oct 14, 2008, at 1:49 PM, Scott Ullrich [EMAIL PROTECTED] wrote: On Tue, Oct 14, 2008 at 2:46 PM, BSD Wiz [EMAIL PROTECTED] wrote: With 1.2 is it possible to connect to pfsense boxes on the same subnet via an ipsec tunnel? Both boxes wan interfaces are private ip's. No, need different subnets. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Ipsec over LAN
On Tue, Oct 14, 2008 at 2:59 PM, BSD Wiz [EMAIL PROTECTED] wrote: To be clear, both boxes lans are different subnet of course but the WANs are on the same subnets. If they're on the same ISP with privately addressed WANs that will work, if they allow routing between customers. If it's two different ISPs you aren't going to be able to connect them with private WAN IPs since they aren't routable across the Internet. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Ipsec over LAN
it's on my corporate network, both wan interfaces of the pfsense box are on the same private ip subnet. we built 2 labs using pfsense and now we want to connect the two labs. i haven't had any luck getting them to work yet... the reason i've asked the question is because i have several site to site vpn's over the internet up and running and never had any problems with them but i can't get this lan setup to work. so if i know it's should work i'll keep playing with it. thanks, -phil On Oct 14, 2008, at 4:30 PM, Chris Buechler wrote: On Tue, Oct 14, 2008 at 2:59 PM, BSD Wiz [EMAIL PROTECTED] wrote: To be clear, both boxes lans are different subnet of course but the WANs are on the same subnets. If they're on the same ISP with privately addressed WANs that will work, if they allow routing between customers. If it's two different ISPs you aren't going to be able to connect them with private WAN IPs since they aren't routable across the Internet. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Ipsec over LAN
Is there a particular reason you need this traffic to be encapsulated? At first blush, this would seem to be a pretty standard routing problem, easily solvable with static routes. Unless there's some very specific reason for needing the encryption. -Gary BSD Wiz wrote: it's on my corporate network, both wan interfaces of the pfsense box are on the same private ip subnet. we built 2 labs using pfsense and now we want to connect the two labs. i haven't had any luck getting them to work yet... the reason i've asked the question is because i have several site to site vpn's over the internet up and running and never had any problems with them but i can't get this lan setup to work. so if i know it's should work i'll keep playing with it. thanks, -phil On Oct 14, 2008, at 4:30 PM, Chris Buechler wrote: On Tue, Oct 14, 2008 at 2:59 PM, BSD Wiz [EMAIL PROTECTED] wrote: To be clear, both boxes lans are different subnet of course but the WANs are on the same subnets. If they're on the same ISP with privately addressed WANs that will work, if they allow routing between customers. If it's two different ISPs you aren't going to be able to connect them with private WAN IPs since they aren't routable across the Internet. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Ipsec over LAN
yes, there are reasons and it must be encrypted. thanks, -phil On Oct 14, 2008, at 5:11 PM, Gary Buckmaster wrote: Is there a particular reason you need this traffic to be encapsulated? At first blush, this would seem to be a pretty standard routing problem, easily solvable with static routes. Unless there's some very specific reason for needing the encryption. -Gary BSD Wiz wrote: it's on my corporate network, both wan interfaces of the pfsense box are on the same private ip subnet. we built 2 labs using pfsense and now we want to connect the two labs. i haven't had any luck getting them to work yet... the reason i've asked the question is because i have several site to site vpn's over the internet up and running and never had any problems with them but i can't get this lan setup to work. so if i know it's should work i'll keep playing with it. thanks, -phil On Oct 14, 2008, at 4:30 PM, Chris Buechler wrote: On Tue, Oct 14, 2008 at 2:59 PM, BSD Wiz [EMAIL PROTECTED] wrote: To be clear, both boxes lans are different subnet of course but the WANs are on the same subnets. If they're on the same ISP with privately addressed WANs that will work, if they allow routing between customers. If it's two different ISPs you aren't going to be able to connect them with private WAN IPs since they aren't routable across the Internet. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]