Today's project: allowing additional local subnets to reach a remote site without touching the remote site's IPsec configuration.
Given:
A legacy IPsec configuration with a given phase 2 network.
Local subnet 192.168.0.0/24 – remote subnet 192.168.1.0/24.
Additional local subnet: the OpenVPN dial-up network, 172.17.20.0/24.
We add this network as an additional subnet, restart the IPsec connection, and finalize with a NAT rule:
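
Why the NAT step matters, as an added Python model (not the author's rule and not any firewall's syntax): it checks packets against the phase 2 selector from the post and applies a many-to-one source NAT with state for return traffic. The many-to-one form, the SNAT address 192.168.0.254, the port range and all class and function names are assumptions.

```python
import ipaddress as ip

# Values from the post: the phase 2 selector the remote site already accepts,
# and the OpenVPN dial-up pool that the selector does not cover.
LOCAL_TS = ip.ip_network("192.168.0.0/24")
REMOTE_TS = ip.ip_network("192.168.1.0/24")
OPENVPN_NET = ip.ip_network("172.17.20.0/24")
# Assumption: an unused address inside the local selector serves as SNAT source.
SNAT_ADDR = ip.ip_address("192.168.0.254")


def matches_phase2(src, dst):
    """True if the remote peer's unchanged policy would accept src -> dst."""
    return ip.ip_address(src) in LOCAL_TS and ip.ip_address(dst) in REMOTE_TS


class SourceNat:
    """Many-to-one source NAT with a connection table for return traffic."""

    def __init__(self, inside_net, nat_addr, first_port=40000):
        self.inside_net, self.nat_addr = inside_net, nat_addr
        self.next_port = first_port
        self.table = {}  # (nat_port, remote_ip, remote_port) -> (client, port)

    def outbound(self, src, sport, dst, dport):
        src, dst = ip.ip_address(src), ip.ip_address(dst)
        # Translate only dial-up clients that are heading into the tunnel.
        if src not in self.inside_net or dst not in REMOTE_TS:
            return str(src), sport, str(dst), dport
        nat_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(nat_port, dst, dport)] = (src, sport)
        return str(self.nat_addr), nat_port, str(dst), dport

    def inbound(self, src, sport, dst, dport):
        """Reverse the translation for a reply; None if no state exists."""
        key = (dport, ip.ip_address(src), sport)
        if ip.ip_address(dst) != self.nat_addr or key not in self.table:
            return None
        client, cport = self.table[key]
        return src, sport, str(client), cport
```

With this kind of translation the remote site sees every OpenVPN client as the single SNAT address, so its logs and ACLs cannot tell dial-up users apart; per-client attribution has to come from the local gateway's NAT and VPN logs.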


