Hub-and-Spoke VPN Model

a week ago
Model: ER8411  
Hardware Version: V1
Firmware Version: 1.2.2

I would like to deploy a hub-and-spoke model for my VPN configuration, with one "HQ" location and multiple "Branch" locations. I'm doing this with L2TP VPNs in a "Route" working mode.

I have successfully configured it to allow each branch subnet to connect to resources in the HQ subnet. E.g.:

- HQ: 10.18.0.0/16
- Branch A: 10.19.0.0/16
- Branch B: 10.20.0.0/16

From IPs in Branch A, I can reach IPs in HQ (spoke-to-hub), and from IPs in HQ I can reach IPs in Branch A or Branch B (hub-to-spoke). Excellent.

But what is not working is the ability to reach Branch B IPs from IPs in Branch A (i.e. spoke-to-spoke).

This is with the default routing rules. I've also tried adding my own static and/or policy routing rules on the Branch A router to force traffic bound for Branch B to be routed through the HQ router first, but to no avail.

Is this possible? How can I reach Branch B from Branch A, using the built-in L2TP VPN functionality, with the HQ router as the L2TP server and each branch router as an L2TP client (in Route working mode)?

#1
Re:Hub-and-Spoke VPN Model
a week ago

  @SomeNetEngineer 

 

I haven't tested with routed L2TP, but I have a similar solution with IPsec site-to-site. There is a central IPsec server that handles all VPN tunnels, and there is communication between all sites.
You can probably transfer this to L2TP.

As you can see, routing is done in the VPN configuration; if you create manual routes you will most likely break it, so remove all manual routes.

At first glance it may look a bit chaotic, but there is a system, as you see.

The IPsec server, let's call it HQ, Site_XXX, is connected on a second VPN connection, so the remote subnet is on another VPN configuration.

And this is the config on remote Site-B.

#2
Re:Hub-and-Spoke VPN Model
a week ago - last edited a week ago

  @MR.S This doesn't seem to be possible with L2TP, as there are no options to configure routing rules or remote subnets. Here's a screenshot of the L2TP server options:

 

#3
Re:Hub-and-Spoke VPN Model
a week ago

  @SomeNetEngineer 

 

On the server you can probably choose "Custom IP" as the local network type and add the necessary IP networks, then set the rest in the client configuration. I see you are using standalone mode; the configuration may be a bit more limited there.

With the Omada controller you can add 5 local networks.

#4
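To make concrete what the question and the "add the other subnets as local networks on the server" suggestion above amount to in routing terms, here is an added example (not code from the thread, from TP-Link or from the Omada firmware). It models the topology in the question (HQ as L2TP server in Route mode, two branch routers as clients) as plain longest-prefix-match routing tables and traces a packet hop by hop, so you can see which route each router must hold before spoke-to-spoke traffic can hairpin through the hub. Router names, the `local`/`wan` sentinels and the way `build_topology` installs routes are assumptions made for the simulation, not Omada configuration items; only the three subnets come from the original post.

```python
"""Hub-and-spoke static routing model (added example, not Omada code).

Assumption: each L2TP client installs one route per network the server
lists as "local", pointing into the tunnel; the server installs one
route per client remote subnet. Everything else is modelled, not real.
"""
from ipaddress import ip_address, ip_network

# Subnets from the original post
HQ_NET = ip_network("10.18.0.0/16")
BRANCH_A_NET = ip_network("10.19.0.0/16")
BRANCH_B_NET = ip_network("10.20.0.0/16")

LOCAL = "local"  # destination is directly attached to this router
WAN = "wan"      # default route to the ISP; private traffic goes nowhere useful


class Router:
    def __init__(self, name):
        self.name = name
        self.routes = []  # (network, next hop): a router name, LOCAL or WAN

    def add_route(self, net, via):
        self.routes.append((ip_network(net), via))

    def lookup(self, dst):
        """Longest-prefix match; returns the next hop, or None if nothing matches."""
        best = None
        for net, via in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, via)
        return best[1] if best else None


def trace(routers, start, dst_ip, max_hops=8):
    """Forward a packet hop by hop. Returns (path, outcome); outcome is
    'delivered', 'no-route' (dropped or sent out the WAN) or 'loop'."""
    dst = ip_address(dst_ip)
    cur, path = start, [start]
    for _ in range(max_hops):
        via = routers[cur].lookup(dst)
        if via is None or via == WAN:
            return path, "no-route"
        if via == LOCAL:
            return path, "delivered"
        cur = via
        path.append(cur)
    return path, "loop"


def round_trip(routers, a, a_ip, b, b_ip):
    """Both directions must route: a one-way route gives SYNs with no replies."""
    fwd = trace(routers, a, b_ip)[1]
    back = trace(routers, b, a_ip)[1]
    return fwd == "delivered" and back == "delivered"


def build_topology(hub_advertises_spokes):
    """Hub-and-spoke tables. With hub_advertises_spokes=False the server only
    hands out its own LAN (the situation the question reports); with True each
    spoke also receives routes for the other spokes via HQ, which is the effect
    of listing those subnets as extra local networks on the server (assumed)."""
    hq, a, b = Router("HQ"), Router("BranchA"), Router("BranchB")
    # HQ, as the server, knows every client's remote subnet
    hq.add_route(HQ_NET, LOCAL)
    hq.add_route(BRANCH_A_NET, "BranchA")
    hq.add_route(BRANCH_B_NET, "BranchB")
    # Each spoke knows its own LAN and the server's LAN through the tunnel
    a.add_route(BRANCH_A_NET, LOCAL)
    a.add_route(HQ_NET, "HQ")
    b.add_route(BRANCH_B_NET, LOCAL)
    b.add_route(HQ_NET, "HQ")
    if hub_advertises_spokes:
        a.add_route(BRANCH_B_NET, "HQ")
        b.add_route(BRANCH_A_NET, "HQ")
    for r in (hq, a, b):
        r.add_route("0.0.0.0/0", WAN)
    return {r.name: r for r in (hq, a, b)}


if __name__ == "__main__":
    for advertise in (False, True):
        net = build_topology(advertise)
        print(f"hub advertises spoke subnets: {advertise}")
        print("  A -> HQ :", trace(net, "BranchA", "10.18.0.10"))
        print("  A -> B  :", trace(net, "BranchA", "10.20.0.10"))
        print("  A <-> B :", round_trip(net, "BranchA", "10.19.0.10",
                                         "BranchB", "10.20.0.10"))
```

Two things the trace makes visible that a ping test alone does not. First, with only the hub's LAN handed out, Branch A has no route at all for 10.20.0.0/16 and the packet leaves via its default route, which is exactly the "spoke-to-spoke does not work" symptom. Second, adding a static route for Branch B on the Branch A router only fixes the forward direction: `round_trip` still fails because Branch B has no route back to 10.19.0.0/16, so replies go out Branch B's WAN. Any fix has to give both spokes a route for each other's subnet through the hub, and the hub must also be allowed (by its firewall/ACL rules, which this model does not simulate) to forward between the two tunnels.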
Re:Hub-and-Spoke VPN Model
a week ago

  @MR.S 

 

It doesn't look like it works in standalone mode; in standalone you can only add an IP network to the client configuration.

You can add it on the server but not on the client.

If you use the Omada controller you can add it on both client and server.

#5