Route a remote user VPN connection through a site-to-site VPN
Consider the following scenario:
- A customer has two sites, both with Unifi routers
- Site A has a Remote User VPN for accessing local resources remotely
- Site A and Site B have a Site-to-Site VPN configured between them, e.g. so users at Site B can access resources at Site A
In this scenario, suppose that a user wants to connect to Site A using the Remote User VPN configured at Site A, but also needs to access resources located at Site B.
By default, this will not be possible because there is no route from the Remote User VPN at Site A to the local network at Site B.
The following configuration is required:
- In the Unifi Controller, at Site A, create a static route to Site B's local network:
  - Name: A descriptive name such as "Route to Site B"
  - Distance: 1
  - Destination Network: The network address in CIDR notation of Site B's local network (e.g. 192.168.2.0/24)
  - Type: Interface
  - Interface: The Site-to-Site Interface
- Likewise, do the same in the reverse direction, but for the Remote User VPN network. In the Unifi Controller, at Site B, create a static route:
  - Name: A descriptive name such as "Route to Site A Remote User VPN"
  - Distance: 1
  - Destination Network: The network address in CIDR notation of Site A's Remote User VPN (e.g. 192.168.100.0/24)
  - Type: Interface
  - Interface: The Site-to-Site Interface
With these settings in place, traffic should be able to route through the Remote User VPN at Site A, through the Site-to-Site VPN to Site B, and finally to the local resource at Site B.
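As an added illustration (not part of the original article), the following Python model traces a packet's forward path through Site A's routing table and the reply's path through Site B's, showing why both static routes are needed: without the reverse route at Site B, replies to the Remote User VPN subnet fall through to the default (WAN) route and the connection never completes. Site A's LAN address (192.168.1.0/24) and the interface names are assumptions; the other two networks are the article's examples.

```python
from ipaddress import ip_address, ip_network

SITE_A_LAN = ip_network("192.168.1.0/24")   # assumed Site A LAN
SITE_B_LAN = ip_network("192.168.2.0/24")   # Site B LAN (article example)
RUVPN = ip_network("192.168.100.0/24")      # Site A Remote User VPN (article example)


def next_hop(routes, dst):
    """Longest-prefix match over (network, interface) tuples.
    Falls back to the default route, which leads to the WAN."""
    dst = ip_address(dst)
    matches = [(net, iface) for net, iface in routes if dst in net]
    if not matches:
        return "default"
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def router_a(with_site_b_route=True):
    """Site A routing table: LAN, the Remote User VPN and, optionally,
    the article's static route to Site B via the site-to-site interface."""
    routes = [(SITE_A_LAN, "lan"), (RUVPN, "ruvpn")]
    if with_site_b_route:
        routes.append((SITE_B_LAN, "s2s"))
    return routes


def router_b(with_return_route=True):
    """Site B routing table: LAN, Site A's LAN (already covered by the
    site-to-site VPN) and, optionally, the article's reverse static route
    for the Remote User VPN subnet."""
    routes = [(SITE_B_LAN, "lan"), (SITE_A_LAN, "s2s")]
    if with_return_route:
        routes.append((RUVPN, "s2s"))
    return routes


def round_trip(src, dst, routes_a, routes_b):
    """Return (interface Site A forwards on, interface Site B replies on)."""
    return next_hop(routes_a, dst), next_hop(routes_b, src)


def reachable(src, dst, routes_a, routes_b):
    """True only when both directions traverse the site-to-site tunnel."""
    forward, reply = round_trip(src, dst, routes_a, routes_b)
    return forward == "s2s" and reply == "s2s"
```

A reply interface of "default" is the symptom to look for when the forward path works but the VPN client still gets no response from Site B.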
Keep in mind that Windows hosts will also need a firewall rule created to allow network traffic from the Remote User VPN network address as described in this article: https://hr.universitypccare.com/wiki/windows-firewall-rules-required-for-intervlan-communication-via-vpn