IPSec Remote Access to network across an IPSEC site to site
-
I've got 2 pfSense firewalls, one at home, one at work. They are connected via an IPsec site-to-site VPN.
I've also got IPsec mobile clients configured for laptops, phones, etc.
Work Network 172.16.1.0
Mobile Clients virtual address pool 10.254.69.0
Home Network 192.168.0.0
Mobile Clients virtual address pool 10.254.68.0
When remotely connected to either home or work I can't see devices on the other network. I can see devices on the local network.
I remember that I will need a 2nd P2 entry in order to see these networks respectively. It just seems that I can't put together the right syntax to get it to work.
First question: do I add the 2nd P2s to the site-to-site connection or to the mobile connection?
I tried adding a P2 (to the site-to-site connection) on each side that said local network 10.254.69.0 to remote network 192.168.0.0 (not NAT, just remote network), and 10.254.68.0 to remote network 172.16.1.0.
My thinking is that when connected to the work network, my device is coming in on the 10.254.69.0 network and it needs to see the 192.168.0.0 network. Same in the other direction: a home remote 10.254.68.0 device needs to see the 172.16.1.0 network.
Are any firewall rules needed or just the P2 settings?
Clearly I'm doing something wrong here. Can someone point me in the right direction? Many thanks.
-
I was able to resolve my problem with the help of a post: mobile ipsec clients cannot see site to site ipsec lan
After getting one side to work, I had difficulty getting the other side to work (I have remote access on both sides, so I wanted similar functionality in either direction).
It turns out that you end up with 2 additional P1 connections and 2 P2 connections.
I basically had to customize the labels and IP addresses in the article for either direction and then implement them. I just kept getting turned around and that was basically the only way I got it to work. Created two installation sheets for the Work FW and the Home FW.
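The reason the extra Phase 2 entries are needed is that IPsec only sends a packet into a tunnel when some P2 (local, remote) selector pair covers its source and destination; otherwise the packet falls through to ordinary routing and never reaches the other site. The following added example (not from this thread or from pfSense, and it models selector matching only, not the pfSense GUI or the P1 changes the linked article uses) simulates the policy lookup on both firewalls with the thread's networks, before and after the mobile pool is added as a selector on the site-to-site tunnel:

```python
import ipaddress
from typing import Iterable, Optional, Tuple

# Constructed example values: the networks named in the thread, as /24s.
WORK_LAN = "172.16.1.0/24"
HOME_LAN = "192.168.0.0/24"
WORK_MOBILE_POOL = "10.254.69.0/24"
HOME_MOBILE_POOL = "10.254.68.0/24"

# One Phase 2 entry = one traffic selector pair: (tunnel name, local net, remote net).
P2 = Tuple[str, str, str]

def lookup_spd(p2_entries: Iterable[P2], src: str, dst: str) -> Optional[str]:
    """Return the tunnel whose Phase 2 selector covers src -> dst, or None.

    Models the IPsec security policy database on one firewall: a packet is
    only encapsulated into a tunnel when some P2 entry's (local, remote)
    pair contains (src, dst). Anything else is left to plain routing.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for tunnel, local, remote in p2_entries:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return tunnel
    return None

def path_is_selected(work_p2: Iterable[P2], home_p2: Iterable[P2],
                     mobile_ip: str, home_ip: str) -> bool:
    """True only when both firewalls select the flow, request and reply."""
    return (lookup_spd(work_p2, mobile_ip, home_ip) is not None
            and lookup_spd(home_p2, home_ip, mobile_ip) is not None)

# Both firewalls as the question describes them: one site-to-site P2 and one mobile P2.
WORK_BEFORE = [("site-to-site", WORK_LAN, HOME_LAN), ("mobile", WORK_LAN, WORK_MOBILE_POOL)]
HOME_BEFORE = [("site-to-site", HOME_LAN, WORK_LAN), ("mobile", HOME_LAN, HOME_MOBILE_POOL)]

# After adding the work mobile pool as a selector on the site-to-site tunnel
# on BOTH ends (work: pool -> home LAN, home: home LAN -> pool). The same
# mirror-image pair is needed for the home pool to reach the work LAN.
WORK_AFTER = WORK_BEFORE + [("site-to-site", WORK_MOBILE_POOL, HOME_LAN)]
HOME_AFTER = HOME_BEFORE + [("site-to-site", HOME_LAN, WORK_MOBILE_POOL)]

if __name__ == "__main__":
    client, host = "10.254.69.5", "192.168.0.10"   # constructed sample addresses
    print("before:", path_is_selected(WORK_BEFORE, HOME_BEFORE, client, host))
    print("after: ", path_is_selected(WORK_AFTER, HOME_AFTER, client, host))
```

Note that changing only one firewall is not enough: the reply from the home host has no matching selector on the home side until its mirror-image entry exists.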