IPSec/IKEv2 VPN: How to access site-to-site VPNs within VPN?



  • Hey all – forgive my lack of proper terminology here. Trying to figure this out:

    • I have an IPSec/IKEv2 VPN set up that I use to get into my local network (let's call this network "Site A") while I'm on the go.

    • Site A is independently connected to two other sites ("Site B" and "Site C") via site-to-site IPSec tunnels.

    • When I VPN into Site A while on the go, I can access everything within Site A's actual local network, but I don't seem to be able to access any IP ranges for Site B or C.

    How can I achieve this?



  • Not sure if it would work, but maybe you can manually add the routes as per the instructions here

    https://forum.pfsense.org/index.php?topic=127457.0

    1. Add VPN Routes

    Copy/paste the following into PowerShell, replacing 10.5.0.0/16 with the appropriate remote LAN subnet:

    Add-VpnConnectionRoute -ConnectionName "VPN_NAME" -DestinationPrefix 10.5.0.0/16 -PassThru

    That will tell Windows to send anything meant for 10.5.* over the VPN.


  • Netgate

    You probably need to add tunnels so sites B and C think the remote access tunnel network is interesting to IPsec so the reply traffic from there makes it back to Site A and, from there, back to the remote client.

    List all your networks at the sites and the tunnels (phase 2s) you have established. And the remote access tunnel network, and whether it is split-tunnel or if it sends all traffic over the VPN from the clients.
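
Added example, not part of any post above and not pfSense's own code: a small audit of the listing the last reply asks for, reporting which phase 2 entries are still needed so traffic between the remote access tunnel network and Sites B and C matches IPsec in both directions. All subnets, the pool and the PHASE2 table are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample addressing; the thread gives no real subnets.
POOL = "10.99.0.0/24"  # remote access (mobile client) tunnel network
LANS = {"A": "192.168.10.0/24", "B": "192.168.20.0/24", "C": "192.168.30.0/24"}

# Phase 2 entries as (local, remote) pairs, keyed by (this site, peer site).
# Constructed state: A<->B is LAN-to-LAN only; A->C already carries the pool,
# but Site C has no matching entry for it (a one-sided configuration).
PHASE2 = {
    ("A", "B"): [("192.168.10.0/24", "192.168.20.0/24")],
    ("B", "A"): [("192.168.20.0/24", "192.168.10.0/24")],
    ("A", "C"): [("192.168.10.0/24", "192.168.30.0/24"),
                 ("10.99.0.0/24", "192.168.30.0/24")],
    ("C", "A"): [("192.168.30.0/24", "192.168.10.0/24")],
}

def covered(selectors, src, dst):
    """True if some (local, remote) selector contains both src and dst networks."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    return any(
        s.subnet_of(ipaddress.ip_network(loc)) and d.subnet_of(ipaddress.ip_network(rem))
        for loc, rem in selectors
    )

def missing_phase2(pool, lans, phase2, hub="A"):
    """Return (site, local, remote) entries still needed so client-pool traffic
    to each remote LAN, and the replies, are matched by a phase 2."""
    gaps = []
    for site, lan in lans.items():
        if site == hub:
            continue
        # Hub side: pool -> remote LAN must be selected for the tunnel.
        if not covered(phase2.get((hub, site), []), pool, lan):
            gaps.append((hub, pool, lan))
        # Remote side: reply traffic LAN -> pool must be selected as well.
        if not covered(phase2.get((site, hub), []), lan, pool):
            gaps.append((site, lan, pool))
    return gaps

if __name__ == "__main__":
    for site, local, remote in missing_phase2(POOL, LANS, PHASE2):
        print(f"Site {site}: add phase 2 local={local} remote={remote}")
```

On a split-tunnel client, the remote LAN prefixes also have to be routed into the VPN, which is what the Add-VpnConnectionRoute command in the earlier reply does.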