Routing from WireGuard into IPSec

Friday - last edited Monday
Model: ER7412-M2  
Hardware Version:
Firmware Version:

Hi,

 

The main use case for the gateway is to provide access to the resources in the private data network behind the IPSec connection. 

 

That works flawlessly in the office, but remote devices connected over WireGuard are not able to reach resources within that network.

 

Here is our setup:


Lan - 172.16.10.0/24 (gw 172.16.10.1)
WireGuard 172.16.12.0/24


Here is the traceroute from the remote device (I can't provide the text version because forum software says that the text contains forbidden external links)

 

 

 

Here is the trace from the office:


 

As far as I can understand, the packets from the clients connected to the switch via WireGuard are not routed into the IPSec connection.

Is it possible to set up the router in such a way that clients connected via WireGuard will have access to the resources behind the IPSec connection?

 

 

#1
Re:Routing from WireGuard into IPSec-Solution
Friday - last edited Monday

  @YKurtov 

 

You have to include the WireGuard IP in the site-to-site VPN config.

In the s2s config at the office, add the WireGuard IP (172.16.12.0/24) under local IP; at home, the remote IP is then the WireGuard IP (172.16.12.0/24) at the office.

If you route 0.0.0.0/0 in the WireGuard client you don't need to do anything more; if not, you have to add the home IP in allowed IPs on the WireGuard client.

 

 

Recommended Solution
#2
Re:Routing from WireGuard into IPSec
Friday

  @MR.S let me confirm I understood that correctly: 

 

> s2s config at office add wireguard ip (172.16.12.0/24) under local ip

 

In the IPSec VPN settings I switched the Network Type setting from "Network" to "Custom IP" and added both IP ranges into the "Local Networks" section:

 

172.16.10.0/24

172.16.12.0/24

 

 

 

> at home then remote ip is wireguard ip (172.16.12.0/24) at office.

 

This I don't quite understand. Do you mean that the "Local IP Address" setting in the WireGuard config should be set to 172.16.12.0/24? Currently it's 172.16.12.1

 

> if you route 0.0.0.0/0 in wireguard client you don't need to do anything more

 

That's exactly how I configured the client:

 

 

[Interface]
PrivateKey = ....
Address = 172.16.12.2/32
DNS = 172.16.10.1

[Peer]
PublicKey = ...
AllowedIPs = 0.0.0.0/0
Endpoint = xxx.xxx.xxx.xxx:51820

 

#3
Re:Routing from WireGuard into IPSec
Friday - last edited Friday

  @YKurtov 

 

Yes and at your private data network you have to add 172.16.12.0/24 as remote subnet

#4
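
The three conditions from the replies above (WireGuard subnet in the office's local networks, the same subnet as a remote subnet on the far side, and client AllowedIPs covering the destination), as an added Python example that is not part of the original posts or the vendor's tooling. It models the IPsec tunnel as policy-based traffic selectors; `check_path` is a hypothetical helper, and the data network range 10.50.0.0/24 and the host addresses 172.16.10.20 and 10.50.0.10 are constructed because the thread never states them.

```python
import ipaddress

def covers(prefixes, addr):
    """True if addr falls inside any of the CIDR prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)

def check_path(src, dst, office, far, allowed_ips=None):
    """List every place that would drop src -> dst (empty list = reachable).

    office / far are each gateway's (local, remote) selector lists. A
    policy-based tunnel carries a packet only when its source matches the
    local selector and its destination the remote one; the far gateway
    needs the mirrored pair. allowed_ips is the WireGuard client's
    AllowedIPs, or None for a host sitting directly on the office LAN.
    """
    problems = []
    if allowed_ips is not None and not covers(allowed_ips, dst):
        problems.append("wireguard client: dst not in AllowedIPs")
    if not covers(office[0], src):
        problems.append("office ipsec: src not in local networks")
    if not covers(office[1], dst):
        problems.append("office ipsec: dst not in remote networks")
    if not covers(far[1], src):
        problems.append("far side ipsec: src not in remote subnets")
    if not covers(far[0], dst):
        problems.append("far side ipsec: dst not in local subnets")
    return problems

LAN, WG = "172.16.10.0/24", "172.16.12.0/24"   # subnets from the thread
DATA_NET = "10.50.0.0/24"                      # constructed placeholder
WG_CLIENT = "172.16.12.2"                      # client Address from the thread
LAN_HOST, DATA_HOST = "172.16.10.20", "10.50.0.10"  # constructed hosts

# Selectors as first described: only the office LAN is in the tunnel.
OLD = dict(office=([LAN], [DATA_NET]), far=([DATA_NET], [LAN]))
# Selectors after the fix from the replies: WireGuard subnet on both ends.
NEW = dict(office=([LAN, WG], [DATA_NET]), far=([DATA_NET], [LAN, WG]))
FULL, SPLIT = ["0.0.0.0/0"], [WG, LAN]         # two client AllowedIPs variants

def scenarios():
    return {
        "office host, old selectors": check_path(LAN_HOST, DATA_HOST, **OLD),
        "wg client, old selectors": check_path(WG_CLIENT, DATA_HOST, **OLD, allowed_ips=FULL),
        "wg client, new selectors": check_path(WG_CLIENT, DATA_HOST, **NEW, allowed_ips=FULL),
        "wg split tunnel, new selectors": check_path(WG_CLIENT, DATA_HOST, **NEW, allowed_ips=SPLIT),
    }

if __name__ == "__main__":
    for name, problems in scenarios().items():
        print(f"{name}: {'reachable' if not problems else problems}")
```

Once 172.16.12.0/24 is in the selectors, every WireGuard peer in that range can reach the data network, so the gateway's firewall rules are what decide which clients actually get through.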
Re:Routing from WireGuard into IPSec-Solution
Monday - last edited Monday

Hi @YKurtov 

Thanks for posting in our business forum.

Something similar:

How to Configure WireGuard to Enable Client to Access Remote IPsec Site

Best Regards!
Recommended Solution
#5