Unable to access IPSec S2S tunnels over OpenVPN
-
Hello,
Got a problem I'm trying to solve if possible... I have multiple IPSec VTI tunnels out to different sites from my primary location. I just deployed an OpenVPN VPN for client devices, I need them to be able to access the IPSec VTI tunnels. Is this possible, or would it be best if I run the OpenVPN tunnel on a VM in the primary location, instead of using pfSense for this? I'm able to fully access resources on the site that OpenVPN is on, but nothing in the other sites; traceroutes show that pfSense appears to be dropping the traffic. I have OpenVPN set up to force all traffic over the VPN.
-
@mikespears said in Unable to access IPSec S2S tunnels over OpenVPN:
> I just deployed an OpenVPN VPN for client devices, I need them to be able to access the IPSec VTI tunnels

I assume the clients will rather need to access the networks behind the IPSec VTI tunnels, right?
So the response traffic to the OpenVPN clients has to be routed back on the remote sites.
If that is not an option, you can do masquerading by outbound NAT on pfSense on the concerned traffic. So this has the same effect for the remote sites as running the OpenVPN inside your network.

> or would it be best if I run the OpenVPN tunnel on a VM in the primary location, instead of using pfSense for this?

Best practice is to run the VPN server on the router.
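The return-path point made in the reply above, modelled as an added example that is not part of the original thread: a longest-prefix-match lookup on one remote site's routing table shows where the reply to an OpenVPN client goes with and without a return route or outbound NAT. All subnets, addresses and interface names are constructed assumptions.

```python
import ipaddress

# All addresses below are constructed for illustration, not taken from the thread.
OVPN_CLIENT = ipaddress.ip_address("10.8.0.6")   # client address in the OpenVPN tunnel network
VTI_LOCAL = ipaddress.ip_address("10.255.0.1")   # primary pfSense end of one VTI tunnel

def net(cidr):
    return ipaddress.ip_network(cidr)

# Routing table of one remote site: it knows the primary LAN via the VTI,
# but has no route for the OpenVPN tunnel network 10.8.0.0/24.
REMOTE_ROUTES = [
    (net("0.0.0.0/0"), "wan"),
    (net("192.168.20.0/24"), "lan"),
    (net("10.255.0.0/30"), "vti"),
    (net("192.168.10.0/24"), "vti"),
]

def egress(routes, dst):
    """Longest-prefix match: interface of the most specific matching route."""
    matches = [(n, iface) for n, iface in routes if dst in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_egress(routes, client, masquerade):
    """Interface the remote site picks for its reply to an OpenVPN client.

    With outbound NAT on the primary pfSense the remote site sees the
    VTI address as the source, so the reply is addressed to that instead.
    """
    seen_source = VTI_LOCAL if masquerade else client
    return egress(routes, seen_source)

def scenarios():
    with_route = REMOTE_ROUTES + [(net("10.8.0.0/24"), "vti")]
    return {
        "no route, no NAT": reply_egress(REMOTE_ROUTES, OVPN_CLIENT, False),
        "route added on remote site": reply_egress(with_route, OVPN_CLIENT, False),
        "outbound NAT on primary": reply_egress(REMOTE_ROUTES, OVPN_CLIENT, True),
    }

if __name__ == "__main__":
    for name, iface in scenarios().items():
        verdict = "returns through tunnel" if iface == "vti" else "reply leaves via WAN, never reaches client"
        print(f"{name:28} -> {iface:4} {verdict}")
```

With masquerading, the remote sites only ever see the pfSense VTI address as the source, so any per-client filtering has to be done on the primary pfSense.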