OpenVPN RoadWarrior to IPSec Connection

Hi Community.
Apologies if this has already been covered somewhere. If so please point me in the right direction.

So I have two NethServer 7 systems that connect to each other via IPSec. One of these is in a remote office where the only connection available is one through the mobile network. There is no static IP available on this network and no way of opening ports of any sort.
Therefore the NethServer at this end has “dead peer detection” enabled in order to keep the connection live after the odd reboot.
This works very well and the connection is stable.

At the other end is my home nethserver where I have complete control over the WAN.
My plan was to have a couple of roadwarrior accounts at this end in order to allow access to the remote site through my server.

Sadly though I cannot get this to work.
The IPSec works fine from my home LAN and after testing the roadwarrior accounts these also work fine but only for connecting to the home LAN. I am unable to access any systems on the IPSec VPN. Can’t ping any IPs on that network.

The roadwarrior VPN is set to routed. I’ve not tried bridged but would rather it worked in routed mode, and after reading the documentation I’ve ticked “allow traffic between VPNs” in firewall settings.

If more info is needed in order to help then please ask.

Thanks in advance for any advice

I’ve continued with this and after adding the roadwarrior routing information to the IPSec connection and then selecting the option of sending all traffic over the OpenVPN roadwarrior it’s now working.
But I’d like to get it working without the all traffic option.

Again any advice would be great

@Duncan_Rix

Hi Duncan

What would work is the following:

Current Situation:

Site A: LTE Mobile WAN connection, no Ports usable. Outgoing IPsec works.
Site B: Normal WAN connection. Theoretically all VPN options open.

Future Situation and Solution:

RoadWarriors connect with VPN to Site B, and can access whatever is needed in both Site A and Site B.

I’d suggest using OpenVPN for the RoadWarrior part, not IPsec. OpenVPN has far fewer problems for RoadWarriors, and is VERY fast at restarting, if needed. It is also freely available as Open Source, even for Windows RoadWarriors or Mac users.

Caveats and Gotchas…

Here you have the option to force all clients to use your connection (maybe you have a PIHole at home you want to use on the road…) for anything. It’s not a requirement here, it’s an option!

You may need a routing entry pointing to Site A, and make sure it’s in the “GREEN” segment.

You do need to add in your target networks in OpenVPN.

You may need to use 2 VPNs (two sites!), but OpenVPN allows almost unlimited open VPNs…

But this would work… YMMV…

My 2 cents
Andy
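
The routing conditions raised in the posts above, as an added example that is not part of the original thread: a small Python check of whether a roadwarrior can reach a host behind the IPsec tunnel, covering both the "all traffic" setup and the split-tunnel setup. All subnets, the target address and the function name are constructed assumptions.

```python
import ipaddress as ip

def check_roadwarrior_path(rw_net, pushed_routes, ipsec_local, ipsec_remote, target):
    """Return the reasons a roadwarrior cannot reach `target` behind the IPsec tunnel."""
    rw = ip.ip_network(rw_net)
    tgt = ip.ip_address(target)
    problems = []
    # 1. The client only sends traffic into OpenVPN for networks it was pushed
    #    (0.0.0.0/0 models the "send all traffic over the VPN" option).
    if not any(tgt in ip.ip_network(r) for r in pushed_routes):
        problems.append("no-client-route")
    # 2. The IPsec tunnel must list the target's network as a remote subnet.
    if not any(tgt in ip.ip_network(n) for n in ipsec_remote):
        problems.append("target-not-in-ipsec-remote")
    # 3. The tunnel must also accept the roadwarrior network as a local source;
    #    the far end needs the mirror-image entry so replies come back.
    if not any(rw.subnet_of(ip.ip_network(n)) for n in ipsec_local):
        problems.append("roadwarrior-net-not-in-ipsec-local")
    return problems

# Constructed sample addressing (assumptions, not taken from the thread)
HOME_LAN, SITE_A, RW_NET = "192.168.1.0/24", "192.168.50.0/24", "10.8.0.0/24"
TARGET = "192.168.50.10"  # hypothetical host at the remote site

def scenarios():
    return {
        # Roadwarrior works for the home LAN only: nothing points at Site A.
        "initial": check_roadwarrior_path(
            RW_NET, [HOME_LAN], [HOME_LAN], [SITE_A], TARGET),
        # Roadwarrior network added to IPsec, all client traffic sent over the VPN.
        "all traffic": check_roadwarrior_path(
            RW_NET, ["0.0.0.0/0"], [HOME_LAN, RW_NET], [SITE_A], TARGET),
        # Same IPsec config, but only the two target networks pushed to clients.
        "split tunnel": check_roadwarrior_path(
            RW_NET, [HOME_LAN, SITE_A], [HOME_LAN, RW_NET], [SITE_A], TARGET),
    }

if __name__ == "__main__":
    for name, problems in scenarios().items():
        print(f"{name}: {'OK' if not problems else ', '.join(problems)}")
```
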

Many thanks for your input.
Sorry, I should have been clearer about the type of roadwarrior but it is in fact OpenVPN for all roadwarrior connections.
You have some good tips/hints there and I shall have a play around with some of your suggestions to see if I can improve on what I’ve managed so far.

Many thanks
