Routing Problem with various IPSec networks- How to solve?

[PotatoCarl]

Hi,
I have a setup with OPNSense were several IPSEC and OPENVPN networks connect. While to connection from the main network to the VPNs and back works fine, I cannot route from one VPN into another.

I have allowed all the IPs etc., and the ping for example arrives well, but then kind of stops.

A similar, and maybe related problem is, that I have a VirtualMachine under KVM on one host, to which I can connect from the network it is in, but not from any of the VPNs.

So what I have is:

192.168.1.0/24 -IPSEC/VPN-> 192.168.2.0/24, 192.168.3.0/24 (different outposts)

What I can do is

192.168.1.0/24 <-VPN-> 192.168.x.0/24

What I want to do (and cannot) is:

192.168.x.0/24 <-VPN-> via 192.168.1.1 (router) <-VPN-> 192.168.y.0/24

The second problem would be (if it is not related, ignore it):

192.168.x.0/24 <-VPN-> via 192.168.1.1 (router) <-local network-> 192.168.1.x (specific ip adress of a VM)

I have now turned, screwed and broken any knobs I could find and wonder if my problem is related to the firewall here.

Thank you for your input.

[mimugmail]

Your SA setup is really confusing. Can you post a Screenshot of all P1 and P2 overview?

[PotatoCarl]

what is a P1 and P2 overview and where can I find it?

[mimugmail]

VPN - IPSec - Tunnel Settings - Expand Phase2 and make a screenshot of the whole page.

[PotatoCarl]

Sorry for the late reply. I was travelling.

https://owncloud.brace.de/owncloud/index.php/s/TxOdnlxxfIwU38X
password: 123opnsense

Does this help?

As said, my IPSec connection does not get forwarded behind the firewall. I.e. I can access all servers in the network of the server (192.168.1.0/24), but not "behind that", i.e. other VPNs.

There is also one server (KVM Virtual machine) in the server network, that cannot be access outside the local network.

I assume that is a routing problem. Inserting the routes to the static route page did not help, but maybe I did something wrong.