Best solution Road warrior to IPSec SITE toSITE
-
Hi,
I have build succesfully with the help of @viragomann a Vpn site to site.So I have:
IPSEC
(our local-subnets)----(172.21.0.0/16)vlanX[FIREWALL]wan(192.168.0.2)----(192.168.0.1)ISP-Router(188.218.123.123)-----{internet}----(62.97.2.6)wan[Remote-GW-Peer]lan----(remote-subnets)I have 2 phase 2 to go to remote site be sufficient: 10.208.0.0/14, 10.100.9.0/24.
there is also a NAT rule to go to those lan VPN SITE to SITE with NAT
I have also crated a vpn for road warrior users. using the OpenVPN server. It works
In this case the OpenVpn LAN is 172.31.0.0./16
I can connect happy with the LAN 172.21.0.0./16 because as the guide suggested i have added this lan inside the LocalNetwork.
========================================================
I have now to made possible for the road warrior to navigate inside the ipsec tunnel.
if he hasto go to the 10.208.0.0/14 he is natted and redirected inside the tunnelReading somewhere i have found that this could be the solution (adding more phase2)
https://forum.netgate.com/topic/105946/openvpn-site-to-site-roadwarrior/3Is this the way??
-
The 1 step was to push this config to clients, so the packet on VPN ipse is routed inside the Open VPN tunnel
Under local networks there are :
Lan,
the remote net identified in phase2 n.1
the remote net identified in phase2 n.2