Dear Community,
My name is David Lorenz and I have a problem at one of our customers. First I will describe my network situation. They have an HQ and a BO.
The HQ has the network: 192.168.2.0/24 (Sophos XG210 with 192.168.2.1)
The BO has the network: 172.25.0.0/16 (OPNsense with 172.25.0.1)
There is a Site2Site VPN (policy based) between them both. I cannot use route based because they do not have a static IP at the BO.
I created a firewall rule for the Site2Site VPN with Any <-> Any. Also I created a rule for the client VPN range to the LAN (Any <-> Any) from both networks.
Now to my problem. Our customer wants to route client VPN traffic to the site-to-site VPN BO network IP "172.25.2.1". It doesn't work. I added the branch office network to the Connect client resources. Also I created all needed firewall rules. Also I tried to add a VPN route "system ipsec_route add host 172.25.2.1 tunnelname Site2Site_Leipzig_Karlsruhe". Nothing works and I don't know how to solve that. Also I tried SNAT.
From client to HQ VPN and S2S (without client VPN) everything works fine.
I wish they had bought a Sophos firewall for the BO ^^.
Does someone have an idea? Thanks in advance. In the following lines I will send some screenshots of the HQ setup:
S2S:
S2S FW-Rule:
IPSec Client VPN:
IPSec Client VPN Rule (Client VPN to BO):
Tried NAT:
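A way to reason about this kind of problem, added here as an illustration and not part of the original post or of any Sophos or OPNsense code: a policy-based IPsec tunnel only encrypts packets whose source and destination fall inside one of its Phase 2 traffic selectors (the "local network / remote network" pairs), and each pair must be mirrored on the peer or that child SA never comes up. The script below models the HQ and BO selectors from the post and checks which flows the tunnel would carry. The client pool 10.81.234.0/24, the SNAT address 192.168.2.1 and the sample client address are assumptions, not values from the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Selector:
    """One Phase 2 (child SA) traffic selector: local subnet <-> remote subnet."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network

    def mirrored(self) -> "Selector":
        """The selector the peer must carry for this pair to negotiate."""
        return Selector(self.remote, self.local)


def covering_selector(selectors: Iterable[Selector], src: str, dst: str) -> Optional[Selector]:
    """Return the first selector that matches src -> dst, or None if the tunnel ignores the flow."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for sel in selectors:
        if s in sel.local and d in sel.remote:
            return sel
    return None


def tunnel_carries(selectors: Iterable[Selector], src: str, dst: str) -> bool:
    """True if a policy-based tunnel with these selectors would encrypt src -> dst."""
    return covering_selector(selectors, src, dst) is not None


def with_snat(selectors: Iterable[Selector], src: str, dst: str, snat_ip: str) -> bool:
    """Source NAT is applied before encryption, so the rewritten source is what the selector sees."""
    return tunnel_carries(selectors, snat_ip, dst)


def unmirrored(hq: Iterable[Selector], bo: Iterable[Selector]) -> List[Selector]:
    """HQ selectors the BO side does not mirror; those child SAs will never be established."""
    bo_set = set(bo)
    return [sel for sel in hq if sel.mirrored() not in bo_set]


# Networks taken from the post
HQ_LAN = ipaddress.ip_network("192.168.2.0/24")
BO_LAN = ipaddress.ip_network("172.25.0.0/16")
# Assumed remote-access client pool (the post does not state it)
CLIENT_POOL = ipaddress.ip_network("10.81.234.0/24")

# Tunnel as described in the post: HQ LAN <-> BO LAN only
HQ_AS_POSTED = [Selector(HQ_LAN, BO_LAN)]
BO_AS_POSTED = [Selector(BO_LAN, HQ_LAN)]

# Corrected: client pool added as a second local network on the HQ side and mirrored on the BO side
HQ_FIXED = HQ_AS_POSTED + [Selector(CLIENT_POOL, BO_LAN)]
BO_FIXED = BO_AS_POSTED + [Selector(BO_LAN, CLIENT_POOL)]


def main() -> None:
    client = "10.81.234.10"  # assumed address of a connected remote-access client
    target = "172.25.2.1"    # BO host from the post
    print("LAN host -> BO, tunnel as posted:", tunnel_carries(HQ_AS_POSTED, "192.168.2.50", target))
    print("VPN client -> BO, tunnel as posted:", tunnel_carries(HQ_AS_POSTED, client, target))
    print("VPN client -> BO, client pool added on HQ:", tunnel_carries(HQ_FIXED, client, target))
    print("VPN client -> BO, SNAT to 192.168.2.1 on the posted tunnel:",
          with_snat(HQ_AS_POSTED, client, target, "192.168.2.1"))
    print("Selectors the BO side still lacks if only HQ is changed:",
          unmirrored(HQ_FIXED, BO_AS_POSTED))
    print("Selectors the BO side still lacks after both ends are changed:",
          unmirrored(HQ_FIXED, BO_FIXED))


if __name__ == "__main__":
    main()
```

The two checks worth taking from this: a flow from the client pool is outside the posted LAN-to-LAN selector, so the tunnel never sees it no matter what firewall rules or routes are added in front of it; and adding the pool on the Sophos side alone leaves an unmirrored selector, so the corresponding Phase 2 entry has to exist on the OPNsense side as well. A firewall rule that permits the traffic is necessary but does not by itself make the packets match the tunnel.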