I have a setup that I cannot make work reliably. I had one client machine working perfectly all day, while others were not. Then, the first one just stopped working later.
Namely, I would like to have Windows 10 roadwarriors connect in via IPSec, and from there connect to devices on the far side of another IPSec tunnel. The roadwarrior subnet is set to be a subset of the Green interface, such that green is 10.1.0.0/24 and the roadwarrior subnet is 10.1.0.240/28 (I have also tried using a completely different RW subnet).
I have tried this with both Split Tunneling and when sending all traffic over the tunnel, and I am occasionally able to make it work when sending all traffic over the tunnel, but it is not reliable, and it is currently not working as-is.
I can make this work with a MacOS client, currently, with a roadwarrior subnet that is distinct from the green subnet, and by placing that subnet in the TS for the IPSec tunnels, but Windows doesn’t play along. Moreover, setting up the tunnels with the RW subnet in the local/remote subnet fields also seems to make the tunnels far less stable. I have to periodically force the tunnel down for traffic to flow.
Has anyone achieved this?