I've also an VPN defined from the extenal Interface to the external Interface of a friend, and we're both able to acess the WebAdmin interface from the Internet (ok. its unsecure but for testing its okay). We're also be able to access each others ASL through the VPN.
The only thing which we have done is the following entry in the SYSTEM->SETTINGS-WEBADMINSETTINGS :
Allowed networks: ANY and my internal Network
You didn't need a Interface dedicated for VPN's. The VPN-Interface is an Virtual Interface on your ethX Interface.
I posted this a few day's ago. I believe this is the same topic.....Once the VPN connection is established you need to connect to WebAdmin via an Internal inerface IP address (Not External)...Astaro puts an entry into the routing table and even when the connection is terminated it stays there....I have to stop and restart the IPsec Daemon in order to get it to work again from that workstation...if you go to the post My fianl reply posses a few questions which were never answered....hope this helps...
just to understand the problem, if you configure a VPN to HOST 1, you are not able to access the external interface from Host 1 as long as the vpn is in place, is this correct?
If yes, the anwser is easy, all packets sent to the firewall are not encrypted. The firewall thinks that all packets going to Host 1 should be encrypted so the firewall sends a packets encrypted back, and Host 1 can not handle this.
2 solutions. 1. Access the internal interface for configuration. 2. Add a Host2Host VPN tunnel between the FW and Host 1.
