On Wed, Jan 20, 2010 at 2:18 PM, Chris Buechler <cbuech...@gmail.com> wrote:

> On Wed, Jan 20, 2010 at 2:55 PM, Oliver Hansen <oliver.han...@gmail.com>
> wrote:
>
> --snip--
> >
> > Just last week, I set up a second VPN tunnel between the two routers.
> > This one has the destination subnet of 192.168.50.0/24 and now from the
> > hub router we can reach that subnet but from the 192.168.2.0/24 still
> > cannot reach it. My thinking was that the router with LAN and OPT1 would
> > either route between the two subnets and if not, it would send data up
> > one VPN connection because it was "interesting traffic" and then it would
> > get sent back down the 2nd tunnel to the other subnet. Neither of these
> > things is happening.
> >
>
> That traffic is going out IPsec because IPsec always wins over
> anything in the system routing table including other directly attached
> networks (just how it works in the FreeBSD kernel). You either have to
> not include that other local subnet within your remote IPsec
> definition, or use OpenVPN which will work properly in that scenario.
>
Thanks for the reply. I can understand that IPsec always wins but why if it
is getting sent up the VPN tunnel does it not get sent back down the second
VPN tunnel to the 192.168.50.0/24 subnet? Any of my other networks such as
192.168.3.0/24 can send traffic to the .50 network and receive replies. Is
there something about having two IPsec VPNs between the same two boxes that
causes this not to work?

Example A: 192.168.3.0/24 -------------> 192.168.1.0/24 ------------->
192.168.50.0/24 = successful
Example B: 192.168.2.0/24 -------------> 192.168.1.0/24 -----------X
192.168.50.0/24 = no success
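As an added illustration (not part of the thread and not pfSense or FreeBSD code), the following Python model reproduces the lookup order Chris describes: the IPsec security policy database (SPD) is consulted before the routing table, so a packet whose source/destination pair matches a phase 2 selector is encrypted into that tunnel even when the destination is a directly attached network. The phase 2 selectors, interface names and addresses below are assumptions, since the thread does not give the actual tunnel definitions; the "broad" spoke policy assumes the first tunnel's remote network was defined wide enough (here 192.168.0.0/16) to cover the spoke's own OPT1 subnet, which is the situation Chris's advice addresses.

```python
import ipaddress
from dataclasses import dataclass

# Assumed model of one phase 2 entry: traffic from src to dst goes into `tunnel`.
@dataclass
class Policy:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    tunnel: str


@dataclass
class Router:
    spd: list    # security policy database, checked first (as on FreeBSD)
    routes: dict # prefix -> interface, longest-prefix match, checked second

    def lookup(self, src: str, dst: str) -> str:
        """Return 'ipsec:<tunnel>' if an SPD entry matches, else 'route:<iface>'."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for p in self.spd:
            if s in p.src and d in p.dst:
                return f"ipsec:{p.tunnel}"      # IPsec wins over the routing table
        best = None
        for prefix, iface in self.routes.items():
            net = ipaddress.ip_network(prefix)
            if d in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        return f"route:{best[1]}" if best else "drop"


def spoke_router(broad_remote: bool) -> Router:
    """Spoke with LAN 192.168.2.0/24 and OPT1 192.168.50.0/24 (assumed layout).

    broad_remote=True: tunnel1's remote selector is 192.168.0.0/16, which also
    covers the spoke's own OPT1 subnet. broad_remote=False: the corrected
    selector is only the hub LAN, 192.168.1.0/24.
    """
    remote = "192.168.0.0/16" if broad_remote else "192.168.1.0/24"
    n = ipaddress.ip_network
    return Router(
        spd=[
            Policy(n("192.168.2.0/24"), n(remote), "tunnel1"),
            Policy(n("192.168.50.0/24"), n("192.168.1.0/24"), "tunnel2"),
        ],
        routes={"192.168.2.0/24": "LAN", "192.168.50.0/24": "OPT1", "0.0.0.0/0": "WAN"},
    )


def hub_router() -> Router:
    """Hub with LAN 192.168.1.0/24; both tunnels assumed to use the hub LAN as local side."""
    n = ipaddress.ip_network
    return Router(
        spd=[
            Policy(n("192.168.1.0/24"), n("192.168.2.0/24"), "tunnel1"),
            Policy(n("192.168.1.0/24"), n("192.168.50.0/24"), "tunnel2"),
        ],
        routes={"192.168.1.0/24": "LAN", "0.0.0.0/0": "WAN"},
    )


def trace(broad_remote: bool) -> list:
    """Follow a 192.168.2.x -> 192.168.50.x packet hop by hop."""
    src, dst = "192.168.2.10", "192.168.50.10"
    path = [("spoke", spoke_router(broad_remote).lookup(src, dst))]
    if path[-1][1] == "ipsec:tunnel1":
        # Decapsulated at the hub; the hub SPD has no entry with a 192.168.2.x
        # source, so the hub falls back to its routing table (default route).
        path.append(("hub", hub_router().lookup(src, dst)))
    return path


if __name__ == "__main__":
    print("broad selector :", trace(True))   # spoke sends it into tunnel1, hub routes it to WAN
    print("narrow selector:", trace(False))  # spoke routes it straight out OPT1
```

With the broad selector the spoke never consults its routing table for the OPT1 subnet, and the hub, having no policy for a 192.168.2.0/24 source, pushes the packet out its default route rather than down the second tunnel. Narrowing the remote selector to 192.168.1.0/24 leaves the SPD silent for LAN-to-OPT1 traffic, so the connected route on OPT1 wins, while LAN-to-hub traffic still matches tunnel1.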
