Working IPSec Site2Site VPN needs addditional IP-Segment for one Location

Hi there,

i’ve connected two Sites with an ipfire ipsec-vpn years ago…now one Site added an new IPsegment to thier infrastructure that needs to be available for the other site…So far so easy and tunnels are cheap, i thought and configured a new tunnel simmular to the first one. The effekt was that the old tunnel or the new tunnel could be successfully activated but never bouth at the same time. So i searched the web for others having such a problem…and found one who putted the additional segment seperated by a “,” behind the first in ipsec.confs left/rightsubnet-parameter like that:
rightsubnet=192.202.102.0/24,192.168.104.0/24
I tried that using the webinterface an it wrote the ipsec.conf as i expected. The tunnel came up, but the additional segment wasn’t routed through it. It was sent to the internet and not throuch the tunnel.

So now i need some good advice in how to connect to multipe ipsegments at one site with an ipfire ipsec-vpn…

Thanks