v6.10 IPSec multiple networks including hotspot

So here’s the thing:
1.1.1.0/24 - hotspot LAN with WDS.
2.2.2.0/24 - LAN

I have an IPSec VPN to 2.2.2.0/24 which works just fine. What I need is to access 1.1.1.0/24 via the same VPN as well, so I can access the APs, and I can’t make it work. Have been bashing my head against it for 6h or so…

> ip ipsec peer print
Flags: X - disabled 
 0   address=0.0.0.0/0 passive=yes port=500 auth-method=pre-shared-key-xauth secret="123" xauth-login="" 
     xauth-password="" generate-policy=port-strict exchange-mode=main mode-config=vpn send-initial-contact=yes 
     nat-traversal=yes proposal-check=obey hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024 lifetime=1d 
     lifebytes=0 dpd-interval=2m dpd-maximum-failures=5

> ip ipsec mode-config print 
Flags: * - default 

 1   name="vpn" send-dns=yes address-pool=dhcp_poolINT address-prefix-length=24 
     split-include=1.1.1.0/24,2.2.2.0/24 


> ip ipsec policy print 
Flags: T - template, X - disabled, D - dynamic, I - inactive 
 0 T  group=vpn src-address=1.1.1.0/24 dst-address=2.2.2.0/24 protocol=all proposal=default template=yes 

 1 T  group=vpn src-address=2.2.2.0/24 dst-address=1.1.1.0/24 protocol=all proposal=default template=yes 

 2 T  group=vpn src-address=2.2.2.0/24 dst-address=2.2.2.0/24 protocol=all proposal=default template=yes

> ip ipsec user print 
 # NAME                                                    PASSWORD                                                   
 0 user                                                      pass
 1 user2                                                    pass

Am I missing something?
If you need additional info, just let me know what you need…

Bump

Hello,

Sorry for resurrecting this 2014 problem.

Did you find the solution for this? I’m having the same problem on the latest version: 6.34.4

Hi.

I did solve it, but unfortunately I don’t remember exactly how, whether it was a solution or a workaround, and I can’t look at it because since then I’ve completely reworked that client’s network.
Somehow I’m thinking that I did add firewall rules that allowed me to “speak” to specific IPs on the hotspot network, but I’m not sure. If I remember what I did, I’ll post it, but for now that’s all I can help you with.