I have set up a FortiGate 40F as an SSL VPN Client behind a StarLink CGNAT connection to a FortiGate 40F on a normal public IP connection, because StarLink is problematic with IPSEC VPN and I wasn't able to get dialup NAT-T to work...

[FG 40F - Site1 - Public IP]
FortiGate IP: 192.168.12.1
Local LAN Subnet: 192.168.12.0/24
SSL VPN Server, SSL IP VPN Pool: 10.212.134.200 - 10.212.134.210
No VPN static routes
Firewall Policy (ssl.root) to (lan) allowed and (lan) to (ssl.root) allowed

[FG 40F - Site2 - CGNAT]
WAN: CGNAT Restricted
FortiGate IP: 172.20.0.1
Local LAN Subnet: 172.20.0.0/16
SSL VPN Client connected to Site 2 - assigned SSL VPN IP 10.212.134.200
No static routes for VPN or Firewall Policies

I can successfully ping 192.168.12.0/24 from Site2 with no issues and access any resources - as expected as a VPN Client of Site1...
BUT I can't ping anything from Site1 to Site2 e.g. the assigned IP 10.212.134.200 or 172.20.0.1 despite trying several combinations of firewall policies...
Has anyone tried to do reverse path routing with a dialup SSL VPN? Is this possible?