Monday, February 22, 2021

Working on getting a UDM Pro to Site-to-Site VPN to a /32 Address

I followed this guide:

https://www.reddit.com/r/Ubiquiti/comments/ksrbra/how_to_set_up_sitetosite_with_32_subnet_with/

Basically, we are trying to set up a temporary site-to-site VPN so one user can work with the EMR vendor to build out the cloud-based version of the EMR software; once that is completed, the site-to-site VPN is no longer needed.

UniFi uses swanctl to do IPsec VPNs, but does not allow you to create a remote subnet above a /30. The EMR vendor has a few /32 subnets. I tried transitioning them to /24, which will not create a tunnel. I have also tried manually configuring the static routes for each subnet, which also does not work.

Using the above guide, I was able to get a tunnel established, but it does not appear to be routing traffic. I have asked for some logs on their end, but they are very slow to respond.

As far as I can tell, it is set up exactly like my two other working VPNs, so I am unsure where the issue could be.

What I did was create a site-to-site for each subnet, as it will only read the first route in the config file, and manually edit the files for the tunnels with the correct information using WinSCP. Then I restarted IPsec to establish the links.

It also doesn't help that ICMP requests are blocked, so I only have a URL to test through Google Chrome.
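Added example, not from the post, the linked Reddit guide, or UniFi: a POSIX shell helper for the manual-edit step above. Instead of one site-to-site entry per subnet, it renders a single strongSwan swanctl.conf connection with one CHILD_SA per /32 remote host, refuses anything that is not a /32 (the case the UI cannot express), and then runs the checks that tell "tunnel up" apart from "traffic actually routed": the installed CHILD_SAs with their traffic selectors, the kernel IPsec policies, strongSwan's routing table 220, and a TCP/HTTP probe since ICMP is blocked. Everything specific is an assumption: RFC 5737 documentation addresses, a placeholder PSK, cipher proposals the vendor has to match, and strongSwan's default conf.d directory rather than wherever UniFi writes its generated files on the UDM Pro (the post does not name that path, and hand edits there can be lost when UniFi reprovisions).

```shell
#!/bin/sh
# Added example, not from the post or UniFi. Renders a strongSwan swanctl.conf
# connection carrying several /32 remote hosts as separate CHILD_SAs under one
# IKE_SA, then loads it and shows what the daemon really installed.
# Assumed: RFC 5737 addresses, placeholder PSK, proposals the peer must match.

# True if PREFIX is a single IPv4 host written with an explicit /32.
is_host32() {
    case "$1" in
        *.*.*.*/32) return 0 ;;
        *) return 1 ;;
    esac
}

# render_conn NAME LOCAL_WAN PEER_WAN LOCAL_SUBNET PSK REMOTE_HOST...
# Prints connections{} and secrets{} to stdout. Returns 1 if no remote hosts
# are given or any remote is not a /32, so a /24 never silently goes in.
render_conn() {
    conn=$1; local_wan=$2; peer_wan=$3; local_ts=$4; psk=$5
    shift 5
    [ $# -ge 1 ] || { echo "render_conn: no remote hosts given" >&2; return 1; }
    for host in "$@"; do
        is_host32 "$host" || { echo "render_conn: $host is not a /32" >&2; return 1; }
    done
    printf 'connections {\n    %s {\n' "$conn"
    printf '        version = 2\n'
    printf '        local_addrs = %s\n' "$local_wan"
    printf '        remote_addrs = %s\n' "$peer_wan"
    printf '        proposals = aes256-sha256-modp2048\n'   # assumption: match the vendor
    printf '        dpd_delay = 30s\n'
    printf '        local {\n            auth = psk\n            id = %s\n        }\n' "$local_wan"
    printf '        remote {\n            auth = psk\n            id = %s\n        }\n' "$peer_wan"
    printf '        children {\n'
    n=0
    for host in "$@"; do
        n=$((n + 1))
        # One CHILD_SA per host: the traffic selector is exactly the /32.
        printf '            %s-host%d {\n' "$conn" "$n"
        printf '                local_ts = %s\n' "$local_ts"
        printf '                remote_ts = %s\n' "$host"
        printf '                esp_proposals = aes256-sha256\n'   # assumption: match the vendor
        printf '                start_action = start\n'
        printf '            }\n'
    done
    printf '        }\n    }\n}\n'
    printf 'secrets {\n    ike-%s {\n        id-1 = %s\n        secret = "%s"\n    }\n}\n' \
        "$conn" "$peer_wan" "$psk"
}

# strongSwan's default include directory (assumption; UniFi's generated files on
# the UDM Pro live elsewhere and may be rewritten on the next provisioning).
CONF_DIR=${CONF_DIR:-/etc/swanctl/conf.d}

# apply_and_verify URL: reload config without restarting IPsec, then show the
# CHILD_SAs and their selectors, the kernel policies, strongSwan's route table,
# and probe the vendor URL over TCP/HTTP because ICMP is blocked on their side.
apply_and_verify() {
    url=$1
    swanctl --load-all
    swanctl --list-sas
    ip xfrm policy
    ip route show table 220
    curl -sS -o /dev/null --connect-timeout 5 -w 'HTTP %{http_code}\n' "$url"
}

if command -v swanctl >/dev/null 2>&1 && [ -w "$CONF_DIR" ]; then
    # Constructed values: UDM WAN 198.51.100.1, vendor peer 203.0.113.1,
    # local LAN 10.0.10.0/24, two vendor hosts 192.0.2.10 and 192.0.2.11.
    render_conn vendor 198.51.100.1 203.0.113.1 10.0.10.0/24 'CHANGE-ME' \
        192.0.2.10/32 192.0.2.11/32 > "$CONF_DIR/vendor.conf"
    apply_and_verify https://192.0.2.10/
else
    # Not on the gateway: just show the rendered config for review.
    render_conn vendor 198.51.100.1 203.0.113.1 10.0.10.0/24 'CHANGE-ME' \
        192.0.2.10/32 192.0.2.11/32
fi
```

If swanctl --list-sas shows the IKE_SA but no INSTALLED child for a host, the peer is rejecting or narrowing that /32 traffic selector, which is where the vendor's logs are needed; if the child is installed but the HTTP probe still fails, compare the ip xfrm policy output against the source address the LAN client actually uses.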
