OPNsense Forum

English Forums => Virtual private networks => Topic started by: runsbsd on February 03, 2022, 06:56:24 PM

Title: Wireguard with LAN IP / or / NAT from WG into IPSec Tunnel
Post by: runsbsd on February 03, 2022, 06:56:24 PM
Hi there!

The scenario I would like to be able to use (without setting up another phase 2 IPsec (another local subnet)):

Accessing the IPs behind the IPSec side when connected to OPNsense via WireGuard.

What I have is this: (road warrior to LAN ok, LAN to IPSec ok, road warrior to IPSec not ok due to missing phase 2)

Is it possible to give wg0 an address from inside the LAN? I used to do that on my MikroTik router, which made it easier to access devices behind another IPSec tunnel, as all road warriors were basically using LAN addresses.

Or:

If the first scenario is just not possible, this is what I am trying to figure out with no success: How do I tell OPNsense to NAT the WireGuard client to the IPSec tunnel using a LAN address? To make it look like the requests are originating from the LAN?

Or:

Do I just have to bite the dust and add another phase 2 + subnet to the company IPSec tunnel?

Thank you in advance  :)