I have a Net-Net IPSEC VPN with Astaro 4.021. I would like to add wireless to the remote site and give them access to the main site internal network without compromising my security too much.
I am using an off-the-shelf Linksys WRT54G wireless router and Linksys USB WiFi adapters. I wanted to force WiFi clients to use IPSEC to authenticate as Roadwarriors to the remote Astaro box, and then give them access to the NET-NET IPSEC VPN, but I could not figure out the configuration.
Each Astaro box has 3 network cards: Internal, External, and DMZ. The NET-NET only allows the internal networks to communicate. Using an IPSEC client, the roadwarrior would get a virtual IP in a different range off of the DMZ network and seemingly not have access to the Internal-Internal tunnel. Would I need to create a second tunnel between my main internal network and my virtual IP network? Is that even possible? How can I limit access to just clients that authenticate against the Astaro box (certificates?)
Any suggestions would be appreciated.