Mobile client to home network w/ access to remote site-to-site network
This has probably been discussed but i don't know the terminology to search for. If it has, I apologize. Feel free to point me in the right direction. Ive got an IPsec mobile vpn setup on my pfsense sg-1000. I can connect from my phone to my pfsense home network, no issues.
Ive got a site to site network setup between my home pfsense and vacation house ubiquiti ER-X. I used this tutorial to get it working: https://help.ubnt.com/hc/en-us/articles/115012408087-EdgeRouter-IPsec-Policy-Based-Site-to-Site-VPN-to-pfSense#vlan%20interfaces This is also working with the exception that I can't access the ER-X router to configure it from home. That's a topic for another discussion, and maybe a different forum. I can access all devices on that network though.
From my phone, I'd like to be able to connect via mobile IPsec VPN to home pfsense and have access to the vacation home ubiquiti network. This is challenging to setup because Im only there once a month and wife would not allow me to play on the computer the whole trip so Im trying to figure this out before I get there.
My assumption is that I need to add a second tunnel by adding a separate phase 2 entry in pfsense using the subnet of the mobile VPN as the local subnet, and the river house subnet as the remote?
In the ER-X I believe I just need to click "+Add Subnets" with the above subnets, local/remote reversed of course. The ER-X creates the rules automatically so I don't think I need to do anything there.
Since I don't need to connect from river house to phone, I shouldnt need an IPsec firewall rule in pfsense, correct?
Am I on the right track or is there an easier way to make all the mobile traffic look like its coming from the home network subnet?
I think we want to do the same thing ish