IPsec: Remote Access to Multi Site to Site.
-
I have a Multi Site to Site setup:
- Site A <-> Site B <-> Site C
During Remote Access connection to Site B on the road (by WireGuard or L2TP):
- I can connect to Site B's resource
- I can exit to the Internet through Site B's internet connection.
- But can't reach to Site A nor Site B
Any suggestion?
-
@HKFEVER said in IPsec: Remote Access to Multi Site to Site.:
But can't reach to Site A nor Site B
You might mean A and C.
I assume this is a policy-based IPsec. So you need to add an additional phase 2 to the A and C connections, to connect the remote's local network(s) with the road warrior tunnel network.
Remember to configure the phase 2 on both sites.
-
Yes, A and C, sorry for the typo.
Site B can ping and connect to A & C's devices.
But for WireGuard remote client, how to add additional phase 2 for A and C?
-
@HKFEVER
The wg clients get IPs out of the tunnel network. So you need a phase 2 for the tunnel network.
E.g. in the wg configuration you stated the interface for the server: 10.52.2.1/24. So 10.52.2.0/24 is your tunnel network.
-
Say the Site B to Site A:
- P1 connects to Remote Gateway 48.37.35.162
- P2 connects to the Remote Gateway's network 192.168.4.0/24 (this is Site A's subnet)
- Do you mean to add a 2nd P2 to this tunnel? And what network should I put in?
-
@HKFEVER
Yes, you need an additional p2.
At A:
local network: LAN net
remote: road warrior tunnel network
B:
local: road warrior tunnel network
remote: LAN A network
-
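The rule in the reply above (a second phase 2 on each hub-to-spoke tunnel, mirrored on both ends, pairing the road warrior tunnel network with the spoke LAN) can be checked mechanically. The following is an added example, not something posted in this thread: a small Python model of policy-based IPsec traffic selectors that uses the subnets given later in the thread (Site A 192.168.1.0/24, Site B 192.168.2.0/24, Site C 192.168.3.0/24, remote clients 192.168.5.0/24) and shows why a road warrior packet from behind B fails with the original phase 2 entries and succeeds once the extra entries exist on both sides. The function and variable names are the example's own.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

# Subnets as stated by the original poster later in the thread.
LAN = {
    "A": IPv4Network("192.168.1.0/24"),
    "B": IPv4Network("192.168.2.0/24"),
    "C": IPv4Network("192.168.3.0/24"),
}
# Tunnel network handed to the WireGuard/L2TP clients at the hub (Site B).
ROAD_WARRIOR = IPv4Network("192.168.5.0/24")


@dataclass(frozen=True)
class Phase2:
    """One policy-based IPsec phase 2, i.e. a traffic selector local -> remote."""
    local: IPv4Network
    remote: IPv4Network


def site_to_site_only(hub, spokes):
    """Original setup: each tunnel carries only the two site LANs."""
    cfg = {}
    for s in spokes:
        cfg[(hub, s)] = [Phase2(LAN[hub], LAN[s])]
        cfg[(s, hub)] = [Phase2(LAN[s], LAN[hub])]
    return cfg


def with_road_warrior(hub, spokes, rw_net=ROAD_WARRIOR):
    """Add the second phase 2 from the reply, on BOTH ends of every hub<->spoke tunnel."""
    cfg = site_to_site_only(hub, spokes)
    for s in spokes:
        # At the hub: local = road warrior tunnel network, remote = spoke LAN.
        cfg[(hub, s)].append(Phase2(rw_net, LAN[s]))
        # At the spoke: local = its own LAN, remote = road warrior tunnel network.
        cfg[(s, hub)].append(Phase2(LAN[s], rw_net))
    return cfg


def selects(p2s, src, dst):
    """True if some phase 2 on this end covers a packet src -> dst."""
    return any(src in p.local and dst in p.remote for p in p2s)


def round_trip_ok(cfg, a_side, b_side, src_ip, dst_ip):
    """A flow works only if the request matches a selector leaving a_side
    AND the reply matches a selector leaving b_side."""
    src, dst = IPv4Address(src_ip), IPv4Address(dst_ip)
    forward = selects(cfg[(a_side, b_side)], src, dst)
    back = selects(cfg[(b_side, a_side)], dst, src)
    return forward and back


def unmirrored(cfg, x, y):
    """Phase 2 entries on x->y with no swapped counterpart on y->x;
    these will never negotiate, which is why the reply says 'configure on both sites'."""
    mirror = {(p.remote, p.local) for p in cfg[(y, x)]}
    return [p for p in cfg[(x, y)] if (p.local, p.remote) not in mirror]


if __name__ == "__main__":
    before = site_to_site_only("B", ["A", "C"])
    after = with_road_warrior("B", ["A", "C"])
    client, host_a = "192.168.5.10", "192.168.1.20"   # constructed sample addresses
    print("road warrior -> Site A, original P2s :", round_trip_ok(before, "B", "A", client, host_a))
    print("road warrior -> Site A, with extra P2s:", round_trip_ok(after, "B", "A", client, host_a))
    for (x, y), p2s in after.items():
        print(f"{x}->{y}: " + ", ".join(f"{p.local} -> {p.remote}" for p in p2s))
```

The printed table is the answer to "what network should I put in" in the thread's own terms: on B's tunnel to A the second P2 is 192.168.5.0/24 -> 192.168.1.0/24, on A's tunnel to B it is 192.168.1.0/24 -> 192.168.5.0/24, and likewise for C with 192.168.3.0/24. `unmirrored` flags the common mistake of adding the entry on only one side.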
Confused.
Remote client's subnet is 192.168.5.0/24
Site B IP is 28.37.35.162, subnet is 192.168.2.0/24:
Tunnel B <-> C:
P1 connects to Remote Gateway 38.37.35.162
P2 connects to the Remote Gateway's network 192.168.3.0/24 (this is Site A's subnet)
For the additional 2nd P2, what network should I put in?
Tunnel B <-> A:
P1 connects to Remote Gateway 18.37.35.162
P2 connects to the Remote Gateway's network 192.168.1.0/24 (this is Site A's subnet)
For the additional 2nd P2, what network should I put in?
Site A IP 18.37.35.162, subnet is 192.168.1.0/24:
Tunnel A <-> B:
P1 connects to Remote Gateway 28.37.35.162
P2 connects to the Remote Gateway's network 192.168.2.0/24 (this is Site A's subnet)
For the additional 2nd P2, what network should I put in?
Site C IP 38.37.35.162, subnet is 192.168.3.0/24:
Tunnel C <-> B:
P1 connects to Remote Gateway 28.37.35.162
P2 connects to the Remote Gateway's network 192.168.2.0/24 (this is Site A's subnet)
For the additional 2nd P2, what network should I put in?