Road Warrior with remote IPSec sites
-
I have 3 sites which are connected via IPSec tunnels and the primary site has a Road Warrior OpenVPN server configured on it. I can VPN into the primary site and access clients on the .10 network without issues. However, from the VPN I don't have access to the remote IPSec .20 and .30 sites. I already added the custom options on the OpenVPN server to push the routes and I can do a trace from the VPN client and see the traffic being routed through the VPN so I know the clients are getting the routes. I think part of the issue is that I need a static route on the .20 and .30 sites so they know to route the 192.168.0.0/24 network back through the .10 network but I'm not sure.
Screenshots of the network and a trace attached.
-
You have to add a second phase 2 for 192.168.0.0/24 to both IPSec configs.
-
I just tried adding a second P2 to site .20
Site 20 P2
Local Subnet: 10.10.20.0/24
Remote Subnet: 192.168.0.0/24
Site 10 P2
Local Subnet: 10.10.10.0/24
Remote Subnet: 192.168.0.0/24
After I did that, VPN clients couldn't reach 10 or 20. Somehow I think I messed up the local and remote subnet orders.
-
On Site 10 the settings should be
Local Subnet: 192.168.0.0/24
Remote Subnet: 10.10.20.0/24
-
That was it. I created another P2 for site 30 and now VPN clients have access to both sites.
Thanks for the help.
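-
Added example, not written by any poster in this thread: a small Python check that the phase 2 entries on two sites mirror each other (local and remote swapped), run on the first attempt and on the corrected Site 10 entry from above. The pre-existing site-to-site P2 (10.10.10.0/24 to 10.10.20.0/24) and the two host addresses are assumptions made for the example.

```python
import ipaddress

def p2(local, remote):
    """One phase 2 entry as a (local, remote) pair of networks."""
    return (ipaddress.ip_network(local), ipaddress.ip_network(remote))

def unmirrored(side_a, side_b):
    """Entries on side_a with no side_b entry that has local/remote swapped."""
    return [(l, r) for (l, r) in side_a if (r, l) not in side_b]

def carried(side_a, side_b, src, dst):
    """True if src->dst matches a P2 on side_a that side_b mirrors."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in l and d in r and (r, l) in side_b for (l, r) in side_a)

# Constructed from the subnets in the thread. The first entry on each site
# is the assumed pre-existing site-to-site P2.
SITE20 = [p2("10.10.20.0/24", "10.10.10.0/24"),
          p2("10.10.20.0/24", "192.168.0.0/24")]
SITE10_FIRST_TRY = [p2("10.10.10.0/24", "10.10.20.0/24"),
                    p2("10.10.10.0/24", "192.168.0.0/24")]
SITE10_FIXED = [p2("10.10.10.0/24", "10.10.20.0/24"),
                p2("192.168.0.0/24", "10.10.20.0/24")]

def report(name, site10):
    # Constructed sample hosts: a VPN client and a host on the .20 LAN.
    client, host20 = "192.168.0.6", "10.10.20.50"
    print(name)
    for l, r in unmirrored(site10, SITE20) + unmirrored(SITE20, site10):
        print(f"  no mirror for local={l} remote={r}")
    print("  client -> .20:", carried(site10, SITE20, client, host20))
    print("  .20 -> client:", carried(SITE20, site10, host20, client))

if __name__ == "__main__":
    report("first attempt", SITE10_FIRST_TRY)
    report("corrected", SITE10_FIXED)
```

The same check applies to site 30 by substituting its subnet for 10.10.20.0/24.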