IPSEC between 3 sites with no direct tunnel from A to C
-
I need some help to shed some light on IPsec tunneling. Here I will explain my current setup.
Site A <-------IPSEC------> Site B (HUB) <------IPSEC------> Site C
192.168.10.1/24              192.168.20.1/24                192.168.30.1/24
Tunneling from Site A to Site B and from Site B to Site C is working fine. However, Site A is not able to reach Site C directly, and vice versa. I also want site A to carry the site B LAN IP to communicate with site C.
On Site A the phase 2 entry: Local: LAN Subnet, NAT/BINAT: None, Remote: Network (192.168.20.1/24)
On Site C the phase 2 entry: Local: LAN Subnet, NAT/BINAT: None, Remote: Network (192.168.20.1/24)
On Site B there are 2 IPsec tunnels:
Site A phase 2 entry: Local: LAN Subnet, NAT: None, Remote: Network (192.168.10.1/24)
Site C phase 2 entry: Local: LAN Subnet, NAT: None, Remote: Network (192.168.30.1/24)
Kindly let me know if you may require any other information. Thank you in advance.
-
I would think at a minimum you would need to enter some routing rules in sites A & C. In site A, route traffic for 192.168.30.0 to site B. On site C do the opposite.
-
Also see this post, it is very similar to what you're trying to do and the OP lays out his solution nicely.
https://forum.netgate.com/topic/143368/route-traffic-between-two-ipsec-tunnels/6
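As an added example (not from this thread or the linked one): a small checker that walks a flow hop by hop over the hub and reports which phase 2 selectors are missing. The CURRENT entries are the ones from the question; the FIXED set is a hypothetical one where each hop also carries the A<->C subnets, and the host addresses are constructed for the test.

```python
import ipaddress

# Phase 2 entries per site as (local, remote) subnets, taken from the post.
# Site B, the hub, holds the entries of both tunnels.
CURRENT = {
    "A": [("192.168.10.0/24", "192.168.20.0/24")],
    "B": [("192.168.20.0/24", "192.168.10.0/24"),
          ("192.168.20.0/24", "192.168.30.0/24")],
    "C": [("192.168.30.0/24", "192.168.20.0/24")],
}

# Hypothetical corrected set: every hop also carries the A<->C selectors.
FIXED = {
    "A": CURRENT["A"] + [("192.168.10.0/24", "192.168.30.0/24")],
    "B": CURRENT["B"] + [("192.168.30.0/24", "192.168.10.0/24"),
                         ("192.168.10.0/24", "192.168.30.0/24")],
    "C": CURRENT["C"] + [("192.168.30.0/24", "192.168.10.0/24")],
}

def _has_selector(entries, local_ip, remote_ip):
    """True if some (local, remote) entry contains the two addresses."""
    l, r = ipaddress.ip_address(local_ip), ipaddress.ip_address(remote_ip)
    return any(l in ipaddress.ip_network(local) and r in ipaddress.ip_network(remote)
               for local, remote in entries)

def missing_selectors(config, path, src, dst):
    """Selectors the flow src->dst lacks along `path` (e.g. ["A", "B", "C"]).

    For each tunnel hop X->Y, X needs an entry whose local side holds src and
    whose remote side holds dst; Y needs the mirror image, since both IKE peers
    must agree on the traffic selector. Returns (site, local_ip, remote_ip)
    tuples for every entry that is missing; an empty list means the path is
    fully covered in the forward direction.
    """
    gaps = []
    for sender, receiver in zip(path, path[1:]):
        if not _has_selector(config[sender], src, dst):
            gaps.append((sender, src, dst))
        if not _has_selector(config[receiver], dst, src):
            gaps.append((receiver, dst, src))
    return gaps

if __name__ == "__main__":
    # Constructed host addresses inside the site A and site C LANs.
    for name, cfg in (("current", CURRENT), ("fixed", FIXED)):
        gaps = missing_selectors(cfg, ["A", "B", "C"], "192.168.10.50", "192.168.30.50")
        print(name, "A->C gaps:", gaps or "none")
```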