IPSEC interface cannot see LAN interface
-
I have seen this question asked quite a few times but have never seen an answer, and now I have the same issue.
I have a LAN interface (192.168.2.0/24) which uses my WAN for internet, plus another interface (192.168.3.0/24) which accesses the internet through an IPSEC VPN. Internet access works fine, but I cannot access the LAN network from the IPSEC network. The phase 2 tunnel for this goes from 192.168.3.0/24 to 0.0.0.0/0.
I can ping 192.168.2.1 from the VPN network but cannot ping any other computers on the 192.168.2.0/24 network.
I tried adding 192.168.2.1 as a gateway, and added a firewall rule on the 192.168.3.0 interface to pass any traffic with a destination of LAN through this gateway. When I ping, I do see a state created on that firewall line, but the status is 0:0, as seen below.
```
OVPN icmp 192.168.3.25:1 -> 192.168.2.4:1 0:0 120 / 0 7 KiB / 0 B
```
I am just not sure where or how in the routing things are passed to the IPSEC tunnel.
I have also tried an OpenVPN tunnel instead. The routing is easier here and I can access all of the other networks, but OpenVPN is much slower for some reason (5 Mbps compared to 30 Mbps).
I also experimented with doing a GRE tunnel over IPSEC, as I thought the routing would be more flexible. I got it connected, but I could never get traffic to pass through it.
If I can get the internal interfaces talking to each other, I think IPSEC will be the best solution. Any ideas?