Naive question: what happens if in the Remote Subnet setting of Office1 you add, after the green subnet of Office2, a comma followed by the blue subnet of Office2 as well?
Again, naive question. To access the green network from the blue, we need a pinhole in the firewall. Is it possible that we need one as well for the blue network of the other side of the tunnel?
Both subnets have to be included in the IPsec configuration for a computer in office1 to access both green and blue at office2. These should be listed, one subnet per line, in the configuration. Pinholes from blue to green are for local access. Adding to IPsec should grant direct access to both subnets.
Office2 needs to grant IPsec subnet access from office1 to
office2 lan 192.168.3.1/24
and
office2 wlan 12.12.10.20/24
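The point of the reply above is that an IPsec tunnel only carries traffic that matches one of its traffic-selector pairs (local subnet, remote subnet). The following is an added example, not code from the forum thread or from IPFire: it models the security policy lookup that a host-to-host packet goes through on the office2 end and shows why a blue-to-green flow is dropped when only the two green subnets are configured. The office2 subnets are the ones posted above; the office1 subnets and the flow names are assumptions made up for the example.

```python
from ipaddress import ip_address, ip_network

# Office2 subnets as posted in the thread (strict=False accepts the host bits in the post).
OFFICE2_GREEN = ip_network("192.168.3.1/24", strict=False)
OFFICE2_BLUE = ip_network("12.12.10.20/24", strict=False)
# Office1 subnets are NOT in the thread; these are assumed values for illustration only.
OFFICE1_GREEN = ip_network("192.168.1.0/24")
OFFICE1_BLUE = ip_network("192.168.2.0/24")


def build_policies(local_subnets, remote_subnets):
    """Expand the configured local and remote subnet lists into IPsec traffic
    selectors: one (local_ts, remote_ts) pair for every combination, which is
    how a net-to-net connection with several subnets per side ends up in the
    security policy database (SPD)."""
    return [(local, remote) for local in local_subnets for remote in remote_subnets]


def matches_policy(policies, src, dst):
    """SPD lookup for an outbound packet: the packet is protected by the tunnel
    only if its source falls inside a local_ts AND its destination inside the
    matching remote_ts. Returns the matching pair, or None if the packet would
    leave in the clear (or hit the default route/firewall instead)."""
    src, dst = ip_address(src), ip_address(dst)
    for local_ts, remote_ts in policies:
        if src in local_ts and dst in remote_ts:
            return (local_ts, remote_ts)
    return None


def flows_covered(policies, flows):
    """Map each named flow (src, dst) to True/False depending on whether the
    tunnel carries it."""
    return {name: matches_policy(policies, src, dst) is not None
            for name, (src, dst) in flows.items()}


# Constructed test flows, seen from office2 (local side is office2).
FLOWS = {
    "office2 green -> office1 green": ("192.168.3.50", "192.168.1.10"),
    "office2 blue  -> office1 green": ("12.12.10.77", "192.168.1.10"),
    "office2 green -> office1 blue": ("192.168.3.50", "192.168.2.20"),
}

# Configuration 1: only the green subnets on both sides (the situation in the thread).
GREEN_ONLY = build_policies([OFFICE2_GREEN], [OFFICE1_GREEN])
# Configuration 2: both subnets listed on both ends of the connection.
ALL_SUBNETS = build_policies([OFFICE2_GREEN, OFFICE2_BLUE], [OFFICE1_GREEN, OFFICE1_BLUE])

if __name__ == "__main__":
    for label, policies in (("green only", GREEN_ONLY), ("all subnets", ALL_SUBNETS)):
        print(f"--- {label} ({len(policies)} traffic selectors)")
        for name, ok in flows_covered(policies, FLOWS).items():
            print(f"{name}: {'through tunnel' if ok else 'NOT covered'}")
```

Note that listing the extra subnet on one end only is not enough: the peer's traffic selectors have to cover the same address pairs, otherwise the negotiation narrows them to what both sides agree on and the blue flow is still unprotected.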
Tried it, but it wouldn't work. Office2 blue to green: no problem. Also office2 green to office1 green: no problem. But blue office2 to green office1 would not work.
I unfortunately do not have my one IPFire box set up with IPsec. I do have several other boxes running other firewall distros set up this way, and these do work configured as I described.
Knowing you have solved this with two IPsec connections, I found another solution as well. In Firewall settings, use NAT rules to forward traffic from Blue to Green and then out to Purple. Rules must be in both directions. Tried it with Source NAT and a single host, and it works. It should work the same when changing from a single Blue host to the entire Blue subnet.