How do I: Route with ipsec and L2TP?

Noobie question: I don’t yet have a config problem. I just don’t know where to start.

I have 2 networks with different subnets joined by a new IPsec VPN. When away from the network, I connect my laptop using an L2TP VPN.

My question is: what do I need to use to be able to get to the “far” network when I connect my laptop via the L2TP VPN to the “near” network? When using a PC connected directly to either subnet I can get to the other one.

I haven’t added any routes but suspect I have to. Any pointers to get me started would be appreciated.

Thanks,
Charles

It depends on the ranges you assign to the L2TP clients. If your site-to-site tunnel uses plain IPsec, you currently use IPsec policies with src-address=site-A-lan-subnet and dst-address=site-B-lan-subnet and vice versa. If you assign the L2TP clients on each site addresses from these existing LAN subnets, you don’t need to change anything, except that in that case the arp parameter of the LAN interfaces has to be set to proxy-arp. If you choose a separate pool for L2TP clients, you have to add matching IPsec policies, site-A-lan-subnet<->site-B-l2tp-subnet and site-A-l2tp-subnet<->site-B-lan-subnet.

If your site-to-site tunnel uses “something over IPsec” (something=gre,ipip,eoip…), then the above is still true except that you have to use normal routes instead of ipsec policies in the second case.
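As an added configuration example (not sindy's own commands, and not from the original thread), here is what the two options above look like in RouterOS CLI. All subnets, the bridge name bridge-lan, the IPsec peer names siteA/siteB and the tunnel name gre-to-siteA are assumed placeholders to be replaced with your own values.

```routeros
# Constructed example values (not from the thread); replace with your own.
#   Site A LAN : 192.168.1.0/24  on bridge interface "bridge-lan"
#   Site B LAN : 192.168.2.0/24
#   Site A L2TP client pool when a separate pool is used: 10.10.10.0/24
#   Existing /ip ipsec peer entries are assumed to be named siteB (on site A)
#   and siteA (on site B); on RouterOS older than 6.44 use sa-src-address /
#   sa-dst-address instead of peer=.

# --- Option 1: L2TP clients get addresses from the LAN subnet itself ---
# No policy changes; the LAN interface must answer ARP for the remote
# clients, so set it to proxy-arp.
/ip pool add name=l2tp-pool ranges=192.168.1.200-192.168.1.220
/ppp profile add name=l2tp-profile local-address=192.168.1.1 remote-address=l2tp-pool
/interface bridge set bridge-lan arp=proxy-arp

# --- Option 2: L2TP clients get a separate pool ---
# The existing policy covers only LAN <-> LAN. Add a policy for the client
# subnet on site A and mirror it on site B, otherwise client traffic to the
# far LAN never matches a policy and is not sent through the tunnel.
/ip pool add name=l2tp-pool ranges=10.10.10.2-10.10.10.50
/ppp profile add name=l2tp-profile local-address=10.10.10.1 remote-address=l2tp-pool
# existing LAN <-> LAN policy on site A (already present, shown for context):
/ip ipsec policy add src-address=192.168.1.0/24 dst-address=192.168.2.0/24 tunnel=yes action=encrypt peer=siteB proposal=default
# added on site A: L2TP pool <-> site B LAN
/ip ipsec policy add src-address=10.10.10.0/24 dst-address=192.168.2.0/24 tunnel=yes action=encrypt peer=siteB proposal=default
# added on site B (mirror): site B LAN <-> site A L2TP pool
/ip ipsec policy add src-address=192.168.2.0/24 dst-address=10.10.10.0/24 tunnel=yes action=encrypt peer=siteA proposal=default

# --- If the site-to-site link is GRE/IPIP/EoIP over IPsec instead ---
# Use routes instead of policies for option 2: on site B, send the client
# pool into the tunnel interface (assumed name "gre-to-siteA"). Site A
# already routes 192.168.2.0/24 into its end of the tunnel.
/ip route add dst-address=10.10.10.0/24 gateway=gre-to-siteA
```

Check the result with `/ip ipsec installed-sa print` (option 2) or `/ip route print` (tunnel case) while a client pings a host on the far LAN.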

Thank you sindy. That worked. I changed the pool to the same subnet and changed the profile to proxy-arp on the bridge only and things seem to work now.

Charles