I think this is logical... OVPN Client behind Site-2-Site disconnects S2S when they connect

  • Experts,

    There is a perfectly fine site-2-site from a HO (Home Office) to HQ (Headquarters). It's on port 1194, and life is good at cust site. I also configured a remote client VPN sitting on port 1196, with a /24, with a CA & unique .ovpn file.

    If clients anywhere connect on 1196, life is good.
    But for some reason, this one user was at the time behind the HO FW (using 1194), and started the client targeting 1196.

    They connected OK!
    But then the other HO users complained that they had been disconnected.

    Both sides of the S2S are routable/non-RFC1918 addresses.

    I think this makes sense, and naturally I asked, "If your HO LAN is already connected, why would you even need to connect?" They asked, "How can you fix the problem?"

    Without getting too technical, to me this sounds rather desirable & logical. But is it what is supposed to happen?


