[strongSwan] Is it possible to access a VPN Tunnel behind a VPN Gateway
kazakevichilya at gmail.com
Fri Nov 15 21:24:24 CET 2019
You need to configure routing.
* Clients on 10 network must know that 192.168.30.1 is reachable via
192.168.20.1. You must add appropriate record to their routing tables.
* 192.168.20.1 must have forwarding enabled. If it has firewall, it must
also allow forwarding between these networks.
* 192.168.30.1 must know that clients in 192.168.10.0 is reachable via
192.168.20.1. You must add appropriate record to it's routing table.
Alternatively, you could implement source NAT on 192.168.20.1.
In this case 192.168.30.1 may be left unaware about clients because all
connections to it will "look like" connections from 192.168.20.1.
Not all protocols may go through nat nicely and also 192.168.30.1 would not
be able to connect to it's clients (only "answer" their connections).
On Fri, Nov 15, 2019 at 11:11 PM guega at guega.de <guega at guega.de> wrote:
> This is the requested scenario:
> There is a SITE-TO-SITE VPN connection between 192.168.10.0/24 network
> and a destination network 192.168.20.0/24.
> * Client 192.168.10.1 can ping server 192.168.20.1 in the 192.168.20.0/24
> <http://192.168.20.0/24> network*
> The remote *192.168.20.0/24 <http://192.168.20.0/24>* network has a
> working SITE-TO-SITE VPN connection with the network *192.168.30.0/24
> * Users in the 192.168.20.0/24 <http://192.168.20.0/24> network can ping
> Server 192.168.30.1 in the 192.168.30.0/24 <http://192.168.30.0/24>
> Is there a possibility to let client 192.168.10.1 ping server 192.168.30.1
> in the 192.168.30.0/24 network?
> How do I even route the traffic for 192.168.30.0/24 through the tunnel to
> the 192.168.20.0/24 network.
> Sadly a direct VPN connection between 192.168.10.0/24 and 192.168.30.0/24
> is not an option due to some business related reasons.
> "Ping" stands for Client/Server Communication.
> Any advise would be very welcome.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users