Hello, I have a problem.
I want a PC (in the cloud) that can connect to a device in the orange network on the other side of the VPN.
The IPSec is working well.
IPFire supports more than one IP range in IPSec VPNs, so it should be enough to add the second range to the tunnel (local or remote subnet 192.168.32.0/24,192.169.0.0/24).
Question.
The orange network has an IP address of 192.168.0.200/24, and this subnet has access to a subnet of 192.169.0.0/16; this subnet is where the devices are.
What must I put in the IPSec settings?
To be exact: 192.168.0.200 is part of the network 192.168.0.0/24.
192.168.0.200/24 is identical to 192.168.0.0/24.
Or did you mean 192.168.0.200/32? But this isn’t a (sub)net, but a single device.
I also put the rule like you in the IPFire config.
But the packets do not go from the DMZ to Amazon AWS and vice versa.
I don’t understand what’s wrong.
I can see the requests (ICMP in my case) arriving on my firewall but they are not directed to the machines concerned.
Here are the network and IP concerned:
DMZ firewall interface is 192.168.5.1
DMZ machine is: 192.168.5.12
AWS machine is: 172.18.6.12
From my Green interface, I have no problem reaching the AWS network. The problem is just to my DMZ or my Wifi network (Blue).
Should I add a static route?
I don’t see what route I should put since the firewall knows how to route the traffic to the concerned networks (DMZ, BLUE, GREEN and AWS ipsec).
My problem was that the IP range 192.169.0.* is a publicly assigned (RGNET LLC) address.
It will not go through the firewall; it goes directly to the internet.
I tried with a static route so that it goes through the IPSec, but it does not work.
Now I use another IP range, 10.0.100.x, and it works fine.
This shows once more that it isn’t easy to build a firewall solution with IPFire without obeying the basic rules and definitions. Here private IP networks == { 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 }
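As an added example (not from the thread or from IPFire), here is a small Python check for the two mistakes discussed above: a host address written with a /24 mask (192.168.0.200/24) and a "private-looking" range that is actually public address space (192.169.0.0/16). It assumes IPv4 subnets given in CIDR notation, as they are entered in the IPSec connection settings.

```python
import ipaddress

# The RFC 1918 private blocks, as listed in the last reply of this thread.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def normalize_subnet(text):
    """Parse a CIDR string and return (network, note).

    '192.168.0.200/24' has host bits set: the (sub)net is really
    192.168.0.0/24, so normalize it and return a note saying so.
    A /32 is a single host and gets no note.
    """
    iface = ipaddress.ip_interface(text)   # keeps the address as typed
    net = iface.network                     # host bits cleared
    note = None
    if net.prefixlen < net.max_prefixlen and iface.ip != net.network_address:
        note = f"{text} has host bits set; the network is {net}"
    return net, note


def is_rfc1918(text):
    """True if the whole subnet lies inside one RFC 1918 block."""
    net = ipaddress.ip_network(text, strict=False)
    return net.version == 4 and any(
        net.subnet_of(ipaddress.ip_network(block)) for block in RFC1918
    )


def check_tunnel(local_subnets, remote_subnets):
    """Validate the local/remote subnet lists of an IPsec connection.

    Returns human-readable findings; an empty list means the definitions
    look sane. A public range such as 192.169.0.0/16 gives the firewall
    no reason to send traffic into the tunnel; it is routed like any
    Internet destination, which is what the thread observed.
    """
    findings = []
    nets = {"local": [], "remote": []}
    for side, subnets in (("local", local_subnets), ("remote", remote_subnets)):
        for text in subnets:
            net, note = normalize_subnet(text)
            if note:
                findings.append(f"{side}: {note}")
            if not is_rfc1918(text):
                findings.append(f"{side}: {net} is not RFC 1918 private space "
                                "and will be routed to the Internet, not the tunnel")
            nets[side].append(net)
    for loc in nets["local"]:
        for rem in nets["remote"]:
            if loc.overlaps(rem):
                findings.append(f"local {loc} overlaps remote {rem}; routing is ambiguous")
    return findings
```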