I have configured 2 IPSEC-VPN-Tunnels between 2 Boxes for such a scenario.
Works like a charm.....
michael
I had two subnets. I had machines on both subnets. The opt1 interface
could not be pinged and was generally dropping packets. If I can't
communicate locally with some sort of reliability, how am I supposed to
make it work across a VPN?
config pfsense 1.2.2
em1 outside: 24.39.nn.nn/28
em2 inside: 10.0.1.1/24
rl0 opt1 : 10.201.17.1/28
linux
eth0 10.0.1.210
eth0:1 10.201.17.5/28
Windows machine
IP Address. . . . . . . . . . . . : 10.201.17.4
Subnet Mask . . . . . . . . . . . : 255.255.255.240
IP Address. . . . . . . . . . . . : 10.0.1.130
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.1.10
other end. peer 66.241.43.nnn
tunneled net: 66.241.41.0/24
I also had a windows box with the dual ips on it and a route to the
66.41.241.0 net via the opt1 address.
With or without the VPN enabled I cannot ping the OPT1 from the Windows
machine at all. I have a rule that passes traffic from any source with
the destination set to the opt1 interface and an opposite rule, and still
no joy from the Windows machine. From a Linux virtual machine, I seem
to be able to ping it, but responses don't happen at regular intervals
even though it shows the latency as being low. From a real Linux
machine, I'm getting 96% packet loss. That kind of inconsistency
doesn't exactly give me the warm and fuzzies. There are no VLANs set up,
nor are VLANs possible on our network. The opt1 interface and em1 are
plugged into switch ports that aren't on the same switch, but on the
same LAN. There's a problem here, and I think it's related to BSD, not
pfSense. Vyatta is using the same VPN tools on Linux, but Linux handles
virtual interfaces differently, I'm sure.
The Sr. VP is coming down on me to get a 2nd internet connection that
only supports the VPN shut down.
Unless I can get good communication going today, Vyatta gets the nod at
5:00 pm.
Curtis
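Before chasing the BSD-versus-Linux question, it helps to confirm that the addressing plan itself is consistent: which host sits on which firewall subnet, whether a ping from the Windows box to the opt1 address is on-link or needs a gateway, and whether the static route's destination is really inside the tunneled network. The script below is an added example, not code from the thread or from pfSense; it transcribes the addresses as written in the post (the masked 24.39.nn.nn outside interface and the peer are left out), and the /24 on the Linux eth0 address is an assumption because the post gives no mask for it.

```python
"""Offline sanity check of the addressing plan posted in the thread.
Added example using only the standard library; not part of the original post."""
import ipaddress

# Transcribed from the post. The mask on "linux eth0" is assumed (/24).
PFSENSE_IFACES = {
    "em2 inside": "10.0.1.1/24",
    "rl0 opt1": "10.201.17.1/28",
}
HOSTS = {
    "linux eth0": "10.0.1.210/24",      # mask assumed
    "linux eth0:1": "10.201.17.5/28",
    "windows ip1": "10.201.17.4/28",
    "windows ip2": "10.0.1.130/24",
}
WINDOWS_DEFAULT_GW = "10.0.1.10"
TUNNELED_NET = "66.241.41.0/24"        # "tunneled net" as posted
WINDOWS_ROUTE_DST = "66.41.241.0/24"   # Windows static route destination, as posted


def on_link(host_cidr, dst):
    """True if dst is inside the host's own subnet, so the host resolves it
    with ARP directly instead of forwarding the packet to a gateway."""
    net = ipaddress.ip_interface(host_cidr).network
    return ipaddress.ip_address(dst) in net


def interface_for(host_cidr, ifaces=PFSENSE_IFACES):
    """Name of the firewall interface whose subnet equals the host's, or None."""
    host_net = ipaddress.ip_interface(host_cidr).network
    for name, cidr in ifaces.items():
        if ipaddress.ip_interface(cidr).network == host_net:
            return name
    return None


def overlapping_interfaces(ifaces=PFSENSE_IFACES):
    """Pairs of firewall interfaces whose subnets overlap; should be empty."""
    nets = [(n, ipaddress.ip_interface(c).network) for n, c in ifaces.items()]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


def route_matches_tunnel(route_dst, tunnel_net=TUNNELED_NET):
    """True if the static route's destination lies within the tunneled net."""
    return ipaddress.ip_network(route_dst).subnet_of(ipaddress.ip_network(tunnel_net))


def check_plan():
    """Run every check and return a list of human-readable findings."""
    findings = []
    # Every host address should land on exactly one firewall subnet.
    for name, cidr in HOSTS.items():
        if interface_for(cidr) is None:
            findings.append(f"{name} {cidr}: no firewall interface on this subnet")
    # The Windows default gateway must be on-link via one of its addresses...
    win_addrs = [c for n, c in HOSTS.items() if n.startswith("windows")]
    if not any(on_link(c, WINDOWS_DEFAULT_GW) for c in win_addrs):
        findings.append(f"windows: default gateway {WINDOWS_DEFAULT_GW} is not on any local subnet")
    # ...and, if pfSense is meant to carry the VPN traffic, it should be a pfSense address.
    fw_addrs = {str(ipaddress.ip_interface(c).ip) for c in PFSENSE_IFACES.values()}
    if WINDOWS_DEFAULT_GW not in fw_addrs:
        findings.append(f"windows: default gateway {WINDOWS_DEFAULT_GW} is not a pfSense interface address")
    for a, b in overlapping_interfaces():
        findings.append(f"firewall: subnets of {a} and {b} overlap")
    if not route_matches_tunnel(WINDOWS_ROUTE_DST):
        findings.append(f"windows: static route to {WINDOWS_ROUTE_DST} "
                        f"is not inside tunneled net {TUNNELED_NET}")
    return findings


if __name__ == "__main__":
    print("windows -> opt1 is on-link:", on_link(HOSTS["windows ip1"], "10.201.17.1"))
    for line in check_plan():
        print("FINDING:", line)
```

With the values as posted, the script reports that the ping from 10.201.17.4 to the opt1 address 10.201.17.1 is on-link (no gateway or firewall rule is involved in the first hop), that the Windows default gateway 10.0.1.10 is not one of the pfSense interface addresses, and that the route destination 66.41.241.0/24 does not fall inside the tunneled net 66.241.41.0/24 as written. Swap in the real values from the boxes to re-run the same checks.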