Hi.
I want to configure an IKEv2 tunnel for connecting from the internet into the LAN. The tunnel now connects and internet access works, but I cannot reach devices on the LAN through the tunnel (without masquerade).
With PPTP it was sufficient to set proxy-arp on the bridge, but that does not work here.
I guess that is because the IPsec remote peer's local address is set to 192.168.1.2 (the router's WAN address, which sits in the DMZ of a globally reachable address), but I want to access the LAN 192.168.0.0/24 (with router address 192.168.0.1).
policies:
1 T group=vpn-policies src-address=0.0.0.0/0 dst-address=192.168.0.0/24
protocol=all proposal=vpn-proposal template=yes
proposals:
1 name="vpn-proposal" auth-algorithms=sha256,sha1
enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=8h
pfs-group=none
peers:
0 R address=0.0.0.0/0 passive=yes profile=default auth-method=pre-shared-key
secret="xxx"
generate-policy=port-strict policy-template-group=vpn-policies
exchange-mode=ike2 mode-config=vpn-conf send-initial-contact=yes
mode configs:
1 R name="vpn-conf" system-dns=yes address-pool=vpn-pool
address-prefix-length=32
pools:
1 vpn-pool 192.168.0.50-192.168.0.99
addresses:
# ADDRESS NETWORK INTERFACE
0 192.168.0.1/24 192.168.0.0 bridge-local
1 192.168.1.2/24 192.168.1.0 ether1-gateway
routes:
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.1.1 1
1 ADC 192.168.0.0/24 192.168.0.1 bridge-local 0
2 ADC 192.168.1.0/24 192.168.1.2 ether1-gateway 0