Topic: Route/pass IP traffic from IPSec client network to remote Wireguard networks (Read 537 times)
twwwt
« on: February 28, 2023, 05:02:16 pm »
Hello,
I would appreciate some help to get the following working for an OPNsense 22.10.2 firewall:
We have configured an IPsec VPN for road warriors (clients). The Virtual IPv4 address pool for clients is 192.168.200.0/24. The local LAN in the main office has the subnet 192.168.100.0/24.
In addition, we have configured a WireGuard site-to-site VPN to integrate two remote nodes/networks, say A and B. A's local subnet is 192.168.102.0/24. B's local subnet is 192.168.103.0/24.
The following is working already:
IPsec road warriors can access the main office's local LAN; i.e. 192.168.200.* -> 192.168.100.* is possible.
LAN hosts can access hosts in the local LANs of both A and B; i.e. 192.168.100.* -> {192.168.102.*, 192.168.103.*} is possible.
Hosts in the local LANs of A and B can access hosts in the main office's LAN; i.e. {192.168.102.*, 192.168.103.*} -> 192.168.100.*.
What is not working yet and what I would like to achieve is that IPsec road warriors can also access hosts in the local LANs of A and B; i.e., what needs to be done is to enable IPv4 traffic flowing from
192.168.200.* -> {192.168.102.*, 192.168.103.*}
As the other traffic flows are already working, I guess this must be a matter of configuring proper routing and perhaps some more "Pass" firewall rules. I have already tried to add a static route for IPsec clients (e.g. `route -n add -net 192.168.102.0/24 192.168.200.1`) but that doesn't seem to be sufficient.
The inverse direction is not ultimately needed but would be good to also know how to set this up, in case it will be needed some day.
Any help on how to set this up is highly appreciated.