IPSEC mobile client in transport mode: possible? No subnets defined somehow
-
@sgw said in
I think such a connection is impossible, I should think; still, this type of connection is used for RW (road warrior).
When there is no fixed IP address, for a site-to-site connection I would recommend an OpenVPN tunnel.
-
-
@konstanti Yes, I see ... we had the OpenVPN tunnel up already and pinged the tunnel endpoints, but not the nets behind. Maybe settings on the LTE router, maybe my fault. We will retry on Friday, the other admin is away till then.
EDIT: I will maybe open another topic in the "openvpn" section, but just mentioning:
/27 on remote side, allowing that source net to OPENVPN interface and target net /24 (VLAN). Unsure if that should be enough. Didn't see blocked packages in firewall logs.
-
@sgw
You need to configure the OpenVPN server correctly,
so that the client knows about 10.135.16.195 and the server about 172.16.160.0/27
-
@konstanti that 10.135.16.195 ... don't know what that is. Maybe the dynamic WAN on the remote client side. Will check as soon as the admin gets back there. Thanks!
AND we have MultiWAN on our side. I had to add some rule back then, haven't found it yet.
-
Yeah, probably.
On the OpenVPN side of the server, in the Tunnel Settings section, you can specify:
- IPv4 Local Network - the network to which you need access from the server side
- IPv4 Remote network - 172.16.160.0/27 (network for routing through tunnel)
In this case, the client will know about the remote network behind the server and the server will know about your network 172.16.160.0/27,
and it shouldn't be a problem.
-
@konstanti said in IPSEC mobile client in transport mode: possible? No subnets defined somehow:
yeah, probably.
On the OpenVPN side of the server, in the Tunnel Settings section, you can specify:
- IPv4 Local Network - the network to which you need access from the server side
- IPv4 Remote network - 172.16.160.0/27 (network for routing through tunnel)
Yes, we got that. Wrote to the guy, waiting for his changes, tomorrow, I assume.
I also made him change that /27 to /24, just to remove any special stuff to get it working first, then go on from there.
-
@sgw
Good )))
If there are problems after establishing the connection, look at the routing table on your router: is there a route to the server network? And the other side of the tunnel will have to be checked, too )
-
@konstanti said in IPSEC mobile client in transport mode: possible? No subnets defined somehow:
@sgw
Good )))
If there are problems after establishing the connection, look at the routing table on your router: is there a route to the server network? And the other side of the tunnel will have to be checked, too )
I have checked that as we tested. No routes to that /27 on pfSense, although the ovpn tunnel was up and we could ping the tunnel endpoints. So I wait for /27 -> /24 to remove that q.
-
@sgw
You can always create a static route to the server network, but it is better to do everything correctly so that the server itself sends this information to the client )))
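
The routing-table check discussed in this thread, as an added example that is not from any of the posters: it parses `netstat -rn` style output and reports which interface would carry traffic for a subnet, showing the "endpoints ping, nets behind don't" case where 172.16.160.0/27 falls through to the default route on WAN instead of the tunnel. The sample table, its addresses other than 172.16.160.0/27, and the interface names (`igb0`, `ovpns1`) are constructed assumptions.

```python
import ipaddress

# Constructed sample of `netstat -rn -f inet` output on a FreeBSD-based
# firewall; every address and interface name here is made up for illustration.
SAMPLE_NETSTAT = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS       igb0
10.0.8.1           link#9             UHS       lo0
10.0.8.2           link#9             UH        ovpns1
127.0.0.1          link#4             UH        lo0
192.168.10.0/24    link#2             U         igb1
203.0.113.0/24     link#1             U         igb0
"""

def parse_routes(text):
    """Return a list of (network, gateway, netif) tuples from netstat -rn text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)  # bare host -> /32
        except ValueError:
            continue  # not an IP destination (section titles etc.)
        routes.append((net, fields[1], fields[3]))
    return routes

def best_route(routes, target):
    """Longest-prefix route that covers the whole target subnet, or None."""
    target = ipaddress.ip_network(target)
    covering = [r for r in routes
                if r[0].version == target.version and target.subnet_of(r[0])]
    return max(covering, key=lambda r: r[0].prefixlen, default=None)

def tunnel_carries(routes, target, tunnel_prefix="ovpn"):
    """True only if the best route for target leaves via an OpenVPN interface."""
    route = best_route(routes, target)
    return route is not None and route[2].startswith(tunnel_prefix)
```

With the sample table, the tunnel endpoint 10.0.8.2 resolves to `ovpns1`, while 172.16.160.0/27 resolves to the default route on `igb0`, so that traffic would leave unencrypted via WAN until a route through the tunnel exists.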