I have two locations, each with 2 sub-nets. One location uses an OPNSense router, the other a m0n0wall (that will soon be updated to OPNSense).
The m0n0wall is connected to the sub-nets:
192.168.7.0/24
10.9.9.0/24
The OPNSense is connected to:
192.168.0.0/24
10.8.8.0/24
There are two IPSec tunnels. One connects 192.168.0.0/24 and 192.168.7.0/24 and the second connects 10.8.8.0/24 and 10.9.9.0/24.
(http://venus.morante.net/downloads/unibia/screenshots/IPSecTunnels.png)
My problem is that I am unable to figure out how to allow hosts on 192.168.0.0/24 to reach hosts on 10.9.9.0/24, and vice versa. Can anyone give me a hint?
Hi tuaris,
Is this IKEv1? Under IKEv2 with one Phase 1 and two Phase 2 this shouldn't be an issue as the subnets are being meshed:
rightsubnet = 10.8.8.0/24,10.9.9.0/24
Cheers,
Franco
tuaris,
You need to add a phase2 entry for all traffic that needs to pass to the other side.
You already made two phase2 entries, one connecting 192.168.7.0/24 to 192.168.0.0/24, and one connecting 10.9.9.0/24 to 10.8.8.0/24.
You just need to add a third phase2 entry connecting 192.168.0.0/24 to 10.9.9.0/24.
Kind regards,
Bert
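
The selector matching discussed in this thread, as an added example that is not part of any poster's reply: a policy-based IPsec tunnel only carries packets whose source and destination both fall inside one phase 2 selector pair, so this sketch lists which site-to-site subnet pairs the thread's entries leave uncovered. The function names are hypothetical, and `meshed()` assumes an IKEv2 phase 2 that lists several subnets per side behaves as their cross product.

```python
import ipaddress
from itertools import product

# Subnets taken from the thread.
OPNSENSE = ["192.168.0.0/24", "10.8.8.0/24"]
M0N0WALL = ["192.168.7.0/24", "10.9.9.0/24"]

# Phase 2 entries as (OPNsense-side, m0n0wall-side) selector pairs.
EXISTING = [("192.168.0.0/24", "192.168.7.0/24"),
            ("10.8.8.0/24", "10.9.9.0/24")]
THIRD = ("192.168.0.0/24", "10.9.9.0/24")  # the extra entry suggested in the thread


def covered(src, dst, phase2):
    """True if a packet src -> dst matches a selector pair in either direction."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for loc, rem in phase2:
        ln, rn = ipaddress.ip_network(loc), ipaddress.ip_network(rem)
        if (s in ln and d in rn) or (s in rn and d in ln):
            return True
    return False


def uncovered_pairs(phase2, side_a=OPNSENSE, side_b=M0N0WALL):
    """Subnet pairs between the two sites that no phase 2 entry carries."""
    gaps = []
    for a, b in product(side_a, side_b):
        na, nb = ipaddress.ip_network(a), ipaddress.ip_network(b)
        if not any(na.subnet_of(ipaddress.ip_network(loc)) and
                   nb.subnet_of(ipaddress.ip_network(rem))
                   for loc, rem in phase2):
            gaps.append((a, b))
    return gaps


def meshed(side_a, side_b):
    """Assumed model: one phase 2 listing all subnets per side (IKEv2 style)."""
    return list(product(side_a, side_b))


if __name__ == "__main__":
    for name, p2 in [("existing", EXISTING),
                     ("plus third entry", EXISTING + [THIRD]),
                     ("meshed", meshed(OPNSENSE, M0N0WALL))]:
        print(f"{name}: uncovered = {uncovered_pairs(p2)}")
```

Any pair still reported as uncovered needs its own phase 2 entry on both routers, and the firewall rules on the IPsec interface must also permit that traffic.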