IPSec site to site can't access internet
-
I've set up a site to site VPN. 192.168.5.0 (main office) - 192.168.0.0 (branch).
The tunnel is connected and the .5.0 can ping/access the 0.0. The 0.0 (branch) network cannot access the internet or ping any systems on the .5.0. How do I get the 192.168.0.0 to be able to access the internet? Below are my settings:
Systems/General/DNS Server Settings: 1.1.1.1 (DNS Hostname Empty), (Gateway-none)
DNS Server Override: Unchecked
DNSSEC: Unchecked
Interfaces/Wan: IPv4 Config: DHCP
Firewall/Nat/Outbound: Automatic outbound NAT rule
Firewall/rules/ipsec: Action: Pass, Interface: IPsec, Address: IPv4, Protocol: Any, Source: Network - 192.168.5.0/24, Destination: Network - 192.168.0.0/24
Services/DNS Resolver/General Settings: Enabled, Network Interfaces: All, Outgoing Interfaces: All, DNS SEC: enabled
VPN/IPsec/Tunnels/Edit Phase 1: Protocol - IPv4, Interface: Wan, NAT Traversal - Auto,
VPN/IPsec/Tunnels/Edit Phase 2: Local Network: Network - 192.168.0.0/24, Nat/BINAT translation: None, Remote Network - 192.168.5.0/24
-
Figured it out...answering my own post in case it helps someone else.
The problem WASN'T DNS! Mark that for the record books. I believe it's one of two problems.
When I originally set up the WAN I set a static WAN interface. My ISP complained and told me to set it as dynamic (even though they issue us a static). Also, on the initial setup I had not spoofed the MAC address of the old firewall my ISP had registered. The ISP will issue a completely different IP range but not allow you to connect to the internet if using a different/unregistered MAC. Somehow when I switched to dynamic it left the original (nonworking) static gateway. Upon checking the status/gateways I noticed the top entry in pink as offline; under that is a WAN_DHCP with "Online" status. Once I deleted that top "offline" gateway, then I got internet. I was going insane because the VPN worked so I knew the internet worked...but also wouldn't. Hope it helps someone else.