Access Remote Subnet over IPSec Tunnel

Started by tuaris, July 30, 2017, 08:55:18 PM

I have two locations, each with 2 sub-nets. One location uses an OPNSense router, the other a m0n0wall (that will soon be updated to OPNSense).

The m0n0wall is connected to the sub-nets:

192.168.7.0/24
10.9.9.0/24

The OPNSense is connected to:

192.168.0.0/24
10.8.8.0/24

There are two IPSec tunnels.  One connects 192.168.0.0/24 and 192.168.7.0/24 and the second connects 10.8.8.0/24 and 10.9.9.0/24.



My problem is that I am unable to figure out how to allow hosts on 192.168.0.0/24 to reach hosts on 10.9.9.0/24, and vice versa.  Can anyone give me a hint?

Hi tuaris,

Is this IKEv1? Under IKEv2 with one Phase 1 and two Phase 2 this shouldn't be an issue as the subnets are being meshed:

rightsubnet = 10.8.8.0/24,10.9.9.0/24


Cheers,
Franco

tuaris,

You need to add a phase2 entry for all traffic that needs to pass to the other side.
You already made two phase2 entries, one connecting 192.168.7.0/24 to 192.168.0.0/24, and one connecting 10.9.9.0/24 to 10.8.8.0/24.
You just need to add a third phase2 entry connecting 192.168.0.0/24 to 10.9.9.0/24.

Kind regards,
Bert
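
An added example, not part of any post in this thread: a Python sketch that models the phase 2 entries as (local, remote) selector pairs seen from the OPNsense side and reports which subnet pairs no entry covers. It goes slightly beyond the thread by comparing the three-entry setup with a fully meshed selector set; the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network
from itertools import product

# Subnets from the thread, seen from the OPNsense side.
LOCAL = ["192.168.0.0/24", "10.8.8.0/24"]    # behind the OPNsense router
REMOTE = ["192.168.7.0/24", "10.9.9.0/24"]   # behind the m0n0wall
# The two existing phase 2 entries as (local, remote) pairs.
EXISTING = [("192.168.0.0/24", "192.168.7.0/24"),
            ("10.8.8.0/24", "10.9.9.0/24")]
# The third entry suggested in the thread.
THIRD = ("192.168.0.0/24", "10.9.9.0/24")


def is_tunneled(src, dst, phase2):
    """True if a packet src -> dst matches a phase 2 selector pair.

    A pair covers both directions, so return traffic matches swapped.
    """
    s, d = ip_address(src), ip_address(dst)
    for local, remote in phase2:
        l, r = ip_network(local), ip_network(remote)
        if (s in l and d in r) or (s in r and d in l):
            return True
    return False


def uncovered_pairs(local, remote, phase2):
    """Local/remote subnet pairs that no phase 2 entry covers."""
    def covered(l, r):
        return any(ip_network(l).subnet_of(ip_network(pl))
                   and ip_network(r).subnet_of(ip_network(pr))
                   for pl, pr in phase2)
    return [(l, r) for l, r in product(local, remote) if not covered(l, r)]


def meshed(local, remote):
    """Selector pairs when every local subnet is paired with every remote."""
    return list(product(local, remote))


if __name__ == "__main__":
    print("two entries  :", uncovered_pairs(LOCAL, REMOTE, EXISTING))
    print("three entries:", uncovered_pairs(LOCAL, REMOTE, EXISTING + [THIRD]))
    print("meshed       :", uncovered_pairs(LOCAL, REMOTE, meshed(LOCAL, REMOTE)))
```

With the third entry only the 192.168.0.0/24 to 10.9.9.0/24 pair is added, and 10.8.8.0/24 to 192.168.7.0/24 stays outside the tunnel; the meshed set opens all four pairs, which is worth weighing if the two 10.x networks were kept separate on purpose.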