I've recently deployed a strongSwan IKEv2 Remote Access VPN in two different sites with two different Ubuntu servers. It all works great, but now I want to "merge" the two sites with a site-to-site VPN, so that I can leave only one Remote Access VPN and access both subnets. The issue is how to do it. My idea was an IPsec tunnel using strongSwan between the two sites and static routing on both sites' routers to manage the traffic.
The sites are configured as follows:
- Site A: only one public IP (x.x.x.x); subnet 10.5.5.0/24
- Site B: one usable public IP (x.x.x.x); subnet 192.168.5.0/24
The questions are:
- Can I run the two services (IKEv2 remote access and IPsec tunnel) on the same strongSwan instance? My answer to this would be NO, and if this is the case I'm ready to add a new instance of strongSwan using another two Ubuntu servers as gateways.
- But if I'm using two different servers in the sites, another issue comes up: the sites only have one public IP each, so how do I deconflict IPsec and IKEv2 as both should be using the same ports? Can I change the ports used by the IPsec tunnel? Or maybe I don't need port forwarding for the IPsec tunnel?
This is my reference for the IPsec tunnel: https://www.tecmint.com/setup-ipsec-vpn-with-strongswan-on-debian-ubuntu/
Any ideas on how to make this mess work? Do I ALWAYS need two different IP addresses for running two VPN servers? Could open-source DMVPN help?
Thanks in advance.
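As an added example (not the poster's configuration and not taken from the linked tutorial), here is a swanctl.conf sketch for site A showing one strongSwan daemon carrying both the IKEv2 remote-access connection and a site-to-site tunnel to site B; a single daemon binds UDP 500/4500 once and matches incoming IKE_SA_INITs to connections by peer address and identity, so no second IP or alternate ports are needed. Site B's public IP, the identities, the client pool 10.10.10.0/24, the certificate file name and the PSK are assumed placeholders.

```conf
# /etc/swanctl/swanctl.conf on the site A gateway (constructed example)
connections {
    # Road-warrior clients: they get an address from rw-pool and may
    # reach both LANs, so local_ts lists both subnets.
    rw-ikev2 {
        version = 2
        proposals = aes256-sha256-ecp256, aes256-sha256-modp2048
        pools = rw-pool
        local {
            auth = pubkey
            certs = siteA-gw.pem      # placeholder: server certificate
            id = vpn.example.invalid  # placeholder: must match the cert SAN
        }
        remote {
            auth = eap-mschapv2
            eap_id = %any
        }
        children {
            rw-net {
                local_ts = 10.5.5.0/24, 192.168.5.0/24
                esp_proposals = aes256gcm16-ecp256
            }
        }
    }
    # Site-to-site tunnel. local_ts also covers the client pool so that
    # remote-access traffic destined for site B is selected into this SA
    # instead of being dropped for lacking a matching policy.
    site-b {
        version = 2
        remote_addrs = 203.0.113.2     # placeholder: site B public IP
        proposals = aes256-sha256-ecp256
        local  { auth = psk  id = siteA }
        remote { auth = psk  id = siteB }
        children {
            lan-b {
                local_ts = 10.5.5.0/24, 10.10.10.0/24
                remote_ts = 192.168.5.0/24
                start_action = start      # bring the tunnel up at load
                dpd_action = restart
                esp_proposals = aes256gcm16-ecp256
            }
        }
    }
}
pools { rw-pool { addrs = 10.10.10.0/24 } }
secrets {
    ike-siteb { id-a = siteA  id-b = siteB  secret = "CHANGE_ME_PLACEHOLDER" }
}
```

Site B mirrors the site-b block with the traffic selectors swapped (local_ts = 192.168.5.0/24, remote_ts = 10.5.5.0/24, 10.10.10.0/24); on both gateways IP forwarding must be enabled and the NAT/port-forward for UDP 500 and 4500 is configured once per site, since both connections share the same sockets.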