Hello,
please consider the following setup:
- Router with WAN IP on ether1.
- ether2-ether5 are part of bridge "intranet" that has LAN IP 10.2.1.1 (with subnet 10.2.0.0/16).
- There exists an IPsec site-to-site VPN between this router and a remote router. The remote router hosts the subnet 172.19.0.0/24. All traffic between 10.2.0.0/16 and 172.19.0.0/24 runs over this VPN (policy with src address = 10.2.0.0/16, dst address = 172.19.0.0/24).
On the router runs a RADIUS client that has to be able to communicate with a remote RADIUS server that has IP 172.19.0.100 (reachable via VPN).
The problem is that sessions initiated by the RADIUS client use the WAN IP as the sender IP and thus do not flow over the VPN. Therefore they do not reach the remote RADIUS server. The remote RADIUS server can only be reached via the VPN.
Is it possible to let the RADIUS client use the bridge's IP 10.2.1.1 as the sender IP so that its session requests to the remote RADIUS server will be routed through the VPN?
Or is there another way to let traffic that stems from the router itself flow over the VPN?
How can we accomplish this task?
Thanks for your help,
mcw
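An added RouterOS configuration example (not part of mcw's post, and not a reply from the thread) showing one way to do what the question asks. It assumes RouterOS with the addressing given above (bridge "intranet" at 10.2.1.1, IPsec policy 10.2.0.0/16 to 172.19.0.0/24, RADIUS server 172.19.0.100); the shared secret, the `service=` list and the item number in the monitor command are placeholders. The RADIUS client's `src-address` property is the direct fix; the source-NAT rule is a generic fallback for other router-originated services that have no such option.

```routeros
# Added example, not from the original post. Assumes the addressing from
# the question: bridge "intranet" = 10.2.1.1, remote RADIUS server
# 172.19.0.100 behind an IPsec policy 10.2.0.0/16 <-> 172.19.0.0/24.
# Secret and service list are placeholders.

# 1) Let the RADIUS client source its packets from the bridge address.
#    10.2.1.1 lies inside the policy's src-address selector, so the
#    Access-Requests now match the IPsec policy and are encrypted instead
#    of leaving ether1 with the WAN address.
/radius
add address=172.19.0.100 secret=REPLACE-WITH-SHARED-SECRET \
    service=login,hotspot src-address=10.2.1.1 timeout=3s

# If the RADIUS entry already exists, change it rather than adding one:
# /radius set [find address=172.19.0.100] src-address=10.2.1.1

# 2) Generic fallback for router-originated traffic without a src-address
#    option (NTP, DNS, syslog, ...): RouterOS applies srcnat before the
#    IPsec policy lookup on locally generated packets, so rewriting the
#    source to the bridge address makes them match the policy as well.
#    Only packets that would otherwise carry a non-LAN source are touched,
#    and the rule is placed first so a masquerade rule on ether1 does not
#    rewrite them to the WAN address first.
/ip firewall nat
add chain=srcnat dst-address=172.19.0.0/24 src-address=!10.2.0.0/16 \
    action=src-nat to-addresses=10.2.1.1 place-before=0 \
    comment="router-originated traffic to remote site via IPsec"

# 3) Checks: the RADIUS monitor should show accepts/rejects rather than
#    growing timeouts (0 = item number of the entry above), and no
#    packets to 172.19.0.100 should appear in the clear on ether1.
/radius monitor 0 once
/tool sniffer quick interface=ether1 ip-address=172.19.0.100
```

If the remote side's policy is the mirror image (src 172.19.0.0/24, dst 10.2.0.0/16), no change is needed there, since 10.2.1.1 is already inside its selector; the RADIUS server itself only has to accept requests from 10.2.1.1 as a client.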