    Accessing both ends of ipsec tunnel using road warrior setup

    IPsec
    • jski

      Hello,

      I currently have the following IPsec tunnel set up between our datacenter and office, and it's working perfectly from either end.

      DC: 10.10.10.0/24 network (LAN), 192.168.1.0/24 network (DMZ)
      Office: 10.1.10.0/24 network (LAN)

      I can get access to any devices on any network, as long as we're physically on one of the three networks.  No problems.

      I also set up a road warrior access setup going into our office network.  When you're connected using a VPN client, you can access anything on the office network.  No problems there.

      The problem is that you can't reach the other end of the tunnel when remoted in; I can't get to any of the datacenter equipment when VPN'd in to the office. This is likely some kind of routing or gateway issue, but I'm not familiar enough with IPsec to really know what I'm doing wrong here. I'd like this setup, as we'd be able to properly lock down our datacenter ports to remove any possible outside entry from anywhere but the office.

      Any help would be greatly appreciated, and if you need any more info to make sense of this setup, let me know!

      • jski

        Bump.  This doesn't seem like a hard question, I just need a little assistance.

        • jski

          Last bump, I was able to resolve this, so I figured I'd leave the solution in case it helps anyone else in the future.

          The issue, as suspected, was routing: packets didn't know, once they left the office through IPsec, how to get back. I needed to go back into the IPsec setup and pass the new OpenVPN virtual tunnel subnet through as additional phase2 entries. Once I did this, everything started working smoothly, and we no longer have problems.

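The fix described in the last post can be checked offline before touching the firewalls. The following is an added example, not part of the original thread: it models phase 2 entries as (local, remote) subnet pairs and lists which source/destination pairs no entry would carry, before and after the road warrior subnet is added. The subnet 10.8.0.0/24 for the OpenVPN tunnel network is an assumption, since the thread does not state it, and all function names are hypothetical.

```python
import ipaddress
from itertools import product

# Subnets as given in the thread.
OFFICE_LAN = ipaddress.ip_network("10.1.10.0/24")
DC_LAN = ipaddress.ip_network("10.10.10.0/24")
DC_DMZ = ipaddress.ip_network("192.168.1.0/24")
# Assumption: the thread does not state the OpenVPN tunnel subnet.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")

# Phase 2 entries on the office firewall as (local, remote) selectors.
OFFICE_P2_BEFORE = [(OFFICE_LAN, DC_LAN), (OFFICE_LAN, DC_DMZ)]
OFFICE_P2_AFTER = OFFICE_P2_BEFORE + [(VPN_POOL, DC_LAN), (VPN_POOL, DC_DMZ)]


def covered(p2_entries, src_net, dst_net):
    """True if a single phase 2 entry contains both networks."""
    return any(src_net.subnet_of(local) and dst_net.subnet_of(remote)
               for local, remote in p2_entries)


def uncovered_pairs(p2_entries, sources, destinations):
    """Source/destination network pairs that no phase 2 entry would carry."""
    return [(s, d) for s, d in product(sources, destinations)
            if not covered(p2_entries, s, d)]


def mirror(p2_entries):
    """Selectors the peer needs: same pairs with local and remote swapped."""
    return [(remote, local) for local, remote in p2_entries]


def tunnel_carries(p2_entries, src_ip, dst_ip):
    """True if a packet with these addresses matches some phase 2 entry."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(src in local and dst in remote for local, remote in p2_entries)


if __name__ == "__main__":
    for label, p2 in (("before", OFFICE_P2_BEFORE), ("after", OFFICE_P2_AFTER)):
        gaps = uncovered_pairs(p2, [OFFICE_LAN, VPN_POOL], [DC_LAN, DC_DMZ])
        print(label, "uncovered:", [f"{s} -> {d}" for s, d in gaps])
    print("datacenter side needs:")
    for local, remote in mirror(OFFICE_P2_AFTER):
        print(f"  local {local}  remote {remote}")
```

Keeping the added entries scoped to the VPN subnet, rather than widening an existing selector, preserves the goal stated in the first post of limiting datacenter access to traffic arriving through the office.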