Win10 client only "partly" on GREEN network

I have managed to get enough IPSec working with (IPFire 2.25 core 142) to allow a Win10 Home computer to connect and ping other computers on the GREEN (office) network. However, nothing in the office can ping the address assigned to the Win10 client, the client seems unable to browse the office’s Windows network for computers/shares and the client loses ALL internet connectivity when connected (except, of course, for the internet link to the IPSec VPN.)

I must be doing something wrong, but I have followed all of the instructions I can find (which required quite a bit of supplementary reading in order to have the minimum base knowledge required to follow the “step-by-step” instructions.) Hopefully someone will have an idea or two that may point me in the right direction to resolve this. Thanks!

Sometimes I’m not sure if I repeat myself to the same person so I hope it’s not the case here: the magic word is: default route.

Whatever you want to get through your vpn you need to define routes and that also applies to the other side.

I would love to do that. Where? How? There were no obvious options for such a setting during any of the setup or configuration screens I remember seeing. Every once in a while something appears that allows me to enter additional “routes” but since it appears to define a route as a single network mask, that leaves me confused about what is actually routed where. (To me that is like calling Pittsburgh a route.) This is one of the many things the documentation assumes I understand about how the IPFire system does things. But I don’t. Sorry.

Also, you mention “the other side”… Are you referring to the GREEN and RED sides? Any required route updates to a client (IPSec or OpenVPN) should be done automatically as part of the connect process, shouldn’t it? Or must my clients learn to enter commands to update their routing tables any time they connect?

Sorry for being so confused, but I am somewhat overwhelmed by helpful sounding, but ultimately incomplete, information.

All members of the VPN need to know where to communicate to, so the routes may be configured on more members related to the kind of VPN you are running. There are different VPN models. For IPFire you will need the section “static routes”. You will need to know exactly what you want to have. There are tons of howtos, even videos, that show you how to do that. Not specifically for IPFire but the basics are always the same.

Just to confirm, you are saying that I need to use the WUI to go to Network, Static Routes and add an entry that will route all traffic to the GREEN network through the GREEN interface?
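
An added illustration of the terms "route" and "default route" used in this thread; it is not part of any post above and is not IPFire or Windows code. A route pairs a destination network (address plus mask) with where to send matching traffic, and the most specific match wins. All addresses and labels below are constructed assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Return (prefix, via) of the most specific route matching dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, via in table:
        net = ipaddress.ip_network(prefix)
        # Longest-prefix match: a /24 beats the /0 default route.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return (str(best[0]), best[1]) if best else None

# Constructed example networks (assumptions, not taken from the thread):
#   office GREEN = 192.168.1.0/24, client's home LAN = 192.168.50.0/24,
#   home router = 192.168.50.1, "vpn-tunnel" = the client's VPN interface.
FULL_TUNNEL = [
    ("192.168.50.0/24", "home-lan"),
    ("0.0.0.0/0", "vpn-tunnel"),       # default route points into the tunnel
]
SPLIT_TUNNEL = [
    ("192.168.50.0/24", "home-lan"),
    ("192.168.1.0/24", "vpn-tunnel"),  # only the office network uses the tunnel
    ("0.0.0.0/0", "192.168.50.1"),     # default route stays on the home router
]

def path_report(table, destinations):
    """Map each destination to the next hop the table selects for it."""
    report = {}
    for dst in destinations:
        hit = lookup(table, dst)
        report[dst] = hit[1] if hit else "unreachable"
    return report

if __name__ == "__main__":
    # Office host, an internet host (documentation range), a home LAN host.
    dests = ["192.168.1.20", "203.0.113.10", "192.168.50.7"]
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(name)
        for dst, via in path_report(table, dests).items():
            print(f"  {dst:15} -> {via}")
```

With the first table, internet-bound traffic enters the tunnel and only gets out if the far end forwards it; with the second, it leaves through the home router as before. On a Windows client, `route print` shows the real table to compare against.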