FWG <> FWG site-to-site VPN ping IPs across subnet issues
I've got a Firewalla Gold ("primary") that has a block of static IPs on a fiber line. It has a VPN server running via WireGuard. Unobstructed internet access/ports, etc. No double NAT.
I've got a 2nd Firewalla Gold ("secondary") that has double NAT, but has otherwise worked fine, and I don't have a choice/access to the main corporate router controls.
Primary network subnet: 192.168.15.1/24
Secondary network subnet: 192.168.115.1/24
I can ping the router and devices from the primary network to the secondary just fine (192.168.15.1/24 > 192.168.115.1/24). Neither internal LAN has "block ICMP (ping)" checked.
However, the secondary site cannot ping anything to the primary, despite the client site VPN connection being active and applied to all devices.
Side observation: there are two WAN lines (primary and backup) at the secondary site (on the non-FWG WAN 1st NAT). My traffic seems to identify with IP 1 generally, but when I look in Firewalla's WireGuard setup, I noticed it shows the second WAN IP (again, on this site, both WANs are outside this FWG altogether).
Any ideas on the minimum interventions necessary here to resolve this?