We have a UDMP with a few VLANs : 10.92.10.0/24
, 10.92.41.0/24
, 10.92.42.0/24
We have added a Wireguard server, which uses 192.168.4.0/24
, and works wonderfully (clients can connect and access resources on their allowed networks)
We then added IPSec site-to-site (route-based) with that 3rd party device on the other side (Sophos) to access 10.92.0.0/24
, which also works just fine (users on the UDMP VLANs can access resources across the VPN).
The issue is that users connecting via Wireguard cannot access resources across the site-to-site VPN ( so when user 192.168.4.100
tries to access 10.92.0.21
) - all traffic times out.
Things we've tried:
- checked firewall rules but nothing (should) match the above scenario, so it should be allowed.
- added a static route for
10.92.0.0/24
to be routed through the IPSec interface - added
192.168.4.0/24
as a remote network on Sophos but nothing has worked.
However, once adding the remote network on Sophos, we noticed that the tunnel would not come up, which led us to do some digging. UI docs state that all local networks are presented to the site-to-site VPN, however that is not the case for the Wireguard VPN network (all other networks in Settings->Networks are configured as local ends for vpn tunnels as can be seen in /etc/ipsec.d/tunnels).
Can anyone verify this theory, or at least advise on how we can manually add the additional tunnel to test?