I have 2 sites (dhcp wan, different private subnets, both mikrotiks) connected with IPSec site2site (Ikev2), everything works as expected, access from subnets to each other and to internet.
Now I have added L2TP/IPSec (psk) for roadwarriors to one site and IPSec/Ikev2 (rsa) for roadwarriors to the other site. Both work fine (win10 and android), meaning I have full access to the private subnet of the site the roadwarrior connects to and to the internet (through roadwarrior tunnel and then out).
But I am out of ideas how to enable roadwarrior to access subnet of the other site, meaning traffic from roadwarrior goes through tunnel to site and from there goes through site2site tunnel to other site.
Any hints appreciated, I learned a lot in the recent days but I am still lost.
Shouldn’t be any problems accessing networks if you have configured policy to use road warrior client subnet to access remote network over site to site tunnel. Or other method: source-nat road warrior IPs to one of the IPs configured in site to site policy.
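An added configuration example (written here, not posted by either participant) showing the two methods the reply describes in RouterOS v7 syntax. All subnets, the peer names "siteA"/"siteB", the proposal name "s2s-proposal" and the site A LAN address 192.168.10.1 are placeholders, not values from the thread:

```routeros
# Assumed addressing (placeholders, not from the thread):
#   Site A LAN              192.168.10.0/24  (roadwarriors terminate here)
#   Site A roadwarrior pool 192.168.99.0/24  (addresses handed to L2TP/IKEv2 clients)
#   Site B LAN              192.168.20.0/24
#   An existing site-to-site policy already covers 192.168.10.0/24 <-> 192.168.20.0/24
#   IPsec peers are assumed to be named "siteB" on site A and "siteA" on site B

# ---- Method 1: policy-based (extra traffic selector on the site-to-site tunnel) ----

# Site A: second policy on the same peer so roadwarrior -> site B traffic is encrypted
/ip ipsec policy
add peer=siteB tunnel=yes src-address=192.168.99.0/24 dst-address=192.168.20.0/24 \
    proposal=s2s-proposal comment="RW pool -> site B LAN"

# Site A: stop masquerade from rewriting the roadwarrior source address, because
# srcnat is applied before the IPsec policy lookup and the policy would never match
/ip firewall nat
add chain=srcnat action=accept src-address=192.168.99.0/24 dst-address=192.168.20.0/24 \
    place-before=0 comment="no NAT for RW pool -> site B"

# Site B: mirror policy for the reverse direction, plus the same NAT bypass
/ip ipsec policy
add peer=siteA tunnel=yes src-address=192.168.20.0/24 dst-address=192.168.99.0/24 \
    proposal=s2s-proposal comment="site B LAN -> RW pool"
/ip firewall nat
add chain=srcnat action=accept src-address=192.168.20.0/24 dst-address=192.168.99.0/24 \
    place-before=0 comment="no NAT for site B LAN -> RW pool"

# ---- Method 2: source NAT on site A only (site B unchanged) ----

# Rewrite roadwarrior sources to site A's own LAN address so the packets fall
# inside the existing 192.168.10.0/24 -> 192.168.20.0/24 policy. Must be ordered
# above the generic masquerade rule, hence place-before=0.
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=192.168.10.1 \
    src-address=192.168.99.0/24 dst-address=192.168.20.0/24 \
    place-before=0 comment="RW pool -> site B via site A LAN address"
```

Pick one method, not both. The policy-based variant keeps the roadwarrior's real address visible at site B (useful for logging and per-client firewall rules) but needs matching changes on both routers; the src-nat variant is a one-router change at the cost of hiding individual clients behind one address. In either case the roadwarrior client must actually send site B traffic into its tunnel: with a full tunnel (0.0.0.0/0) that is automatic, while with split tunnelling the site B subnet has to be included in the routes pushed to the client, and the forward chain on both routers must permit the traffic.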
Many thanks, that helped a lot, I got the src-nat and also the policy-based method working over l2tp, have chosen policy-based method in the end.
I am still struggling with the pure ipsec roadwarriors, but have to fiddle some more. I am not sure if it's not a client problem, android native behaves differently wrong than android strongswan, ping is working on both clients, web via ip only on strongswan, other subnet via dns only on strongswan, web via dns on none … Hadn't the time to check win 10 client so far… we will see