Omada - Route from one VPN Tunnel to another
I have an Omada gateway and set up some manual VPN site-to-site tunnels.
Let's say:
192.168.10.0/24 - omada default network
192.168.20.0/24 - manual ipsec
192.168.30.0/24 - manual ipsec
192.168.40.0/24 - manual ipsec
I can reach every network perfectly from the default network.
What I want is that I can dial in to the gateway by setting up client to site L2TP and reach EVERY routed network.
I set up the client to site tunnel but I only "see" the default network 192.168.10.0/24.
How do I route the traffic from one Tunnel to another?
Hi,
Have you allowed to connect to other subnets on both sides in IPsec configuration?
Main router (add those subnets to Local Networks):
Site router (add those subnets to Remote Networks):
Check if that'll solve your problem. If not, then I guess you would have to add some ACLs to permit access between those subnets.
@RaRu The problem here is that the GUI doesn't allow me to define local networks other than the ones I defined under "wired networks".
Where is your screenshot from?
@MVZ_MUDr_C Oh wait, I have to switch to "custom ip"
So I have my Client to Site L2TP Server and defined all networks as local. Client is routing everything through the tunnel.
Still only routes 192.168.10.0/24 :-(
The Site to Site for 192.168.20.0/24 looks like this for example:
@MVZ_MUDr_C - I kind of resolved it for me. I defined the address pool for the L2TP clients inside the local network. It worked.
I'm not satisfied with this but it works. I probably need to place the vpn address pool into the right places.
Thanks to @RaRu for leading me onto the right track.
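The check behind that workaround, as an added example that is not part of the original posts: it compares an L2TP client pool with each tunnel's Local Networks, assuming a tunnel only carries traffic whose source falls inside those networks. The pool ranges and the `TUNNELS` table are constructed sample values; only the 192.168.x.0/24 subnets come from the thread.

```python
import ipaddress

# Constructed sample: remote subnet of each site-to-site tunnel -> Local Networks
# configured for it on the main gateway (subnets taken from the thread).
TUNNELS = {
    "192.168.20.0/24": ["192.168.10.0/24"],
    "192.168.30.0/24": ["192.168.10.0/24"],
    "192.168.40.0/24": ["192.168.10.0/24"],
}

def pool_networks(first, last):
    """Collapse a first-last address pool into the CIDR blocks that exactly cover it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def selector_coverage(pool, local_networks):
    """Return 'full', 'partial' or 'none': how much of the pool the Local Networks match."""
    # Merge adjacent selectors first so a pool block tiled by several of them still counts.
    selectors = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(n) for n in local_networks))
    covered = [any(block.subnet_of(s) for s in selectors) for block in pool]
    touched = [any(block.overlaps(s) for s in selectors) for block in pool]
    if all(covered):
        return "full"
    return "partial" if any(touched) else "none"

def audit(first, last, tunnels):
    """Map each tunnel's remote subnet to the coverage of the client pool."""
    pool = pool_networks(first, last)
    return {remote: selector_coverage(pool, local) for remote, local in tunnels.items()}

if __name__ == "__main__":
    # Hypothetical pool outside every Local Network: no tunnel matches the VPN clients.
    print(audit("10.10.10.1", "10.10.10.50", TUNNELS))
    # Hypothetical pool inside 192.168.10.0/24, as in the workaround above.
    print(audit("192.168.10.200", "192.168.10.220", TUNNELS))
    # Alternative: keep the separate pool and list it as an extra Local Network.
    widened = {r: l + ["10.10.10.0/26"] for r, l in TUNNELS.items()}
    print(audit("10.10.10.1", "10.10.10.50", widened))
```

A "partial" result means some pool addresses will reach the remote site and others will not, which shows up as client-dependent connectivity.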
I mean... I'm using IPsec and I do have several subnets configured between the sites and the cross access works...
I'm not sure if for L2TP this can be some issue.
Sorry it didn't work out the way you planned.
BTW, why won't you switch to IPsec since it's newer and more secure than old L2TP?
@RaRu I need a client-to-site road warrior setup. And I can deploy L2TP per configuration profile directly to a Mac. I didn't get IKE2 to work with Omada, and everything else needs additional software on a Mac.