We’re setting up a simple site-to-site VPN across the public Internet. Both sites are in the 192.168.0.0/16 address space. We can make it work router to router, but we are having routing issues beyond the Internet-facing routers.
We had to use a static route of 192.168.0.0/16 with the gateway set to the local internal network on both ends to be able to ping across the VPN and bring up the SAs; this seems wrong.
On other IPsec VPNs that we operate on FortiGate, we’d normally use something like “internal subnet address, GW 0.0.0.0” on the Internet-facing router.
So what is the correct way to do routing here? We’d like to integrate the remote site (192.168.150.0/24) into our 192.168.0.0/16 address space. We use OSPF in the main network.