Netgate Discussion Forum

    Road Warrior with remote IPSec sites

    • Injector22

      I have 3 sites which are connected via IPSec tunnels and the primary site has a Road Warrior OpenVPN server configured on it. I can VPN into the primary site and access clients on the .10 network without issues. However, from the VPN I don't have access to the remote IPSec .20 and .30 sites. I already added the custom options on the OpenVPN server to push the routes and I can do a trace from the VPN client and see the traffic being routed through the VPN so I know the clients are getting the routes. I think part of the issue is that I need a static route on the .20 and .30 sites so they know to route the 192.168.0.0/24 network back through the .10 network but I'm not sure.

      Screenshots of the network and a trace attached.

      • viragomann

        You have to add a second phase 2 for 192.168.0.0/24 to both IPSec configs.

        • Injector22

          I just tried adding a second P2 to site .20

          Site 20 P2
          Local Subnet: 10.10.20.0/24
          Remote Subnet: 192.168.0.0/24

          Site 10 P2
          Local Subnet: 10.10.10.0/24
          Remote Subnet: 192.168.0.0/24

          After I did that, VPN clients couldn't reach 10 or 20. Somehow I think I messed up the local and remote subnet orders.

          • viragomann

            On Site 10 the settings should be
            Local Subnet: 192.168.0.0/24
            Remote Subnet: 10.10.20.0/24

            • Injector22

              That was it. I created another P2 for site 30 and now VPN clients have access to both sites.

              Thanks for the help.

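The fix in this thread comes down to phase 2 selectors being mirrored on both ends of the tunnel. The following is an added example, not part of the original posts or of pfSense: a small check that compares the P2 entries of two sites and tests whether a VPN client's traffic matches a selector. The original LAN-to-LAN P2 pair, the client address 192.168.0.6 and the host 10.10.20.5 are assumptions constructed for the example.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

def unmirrored(site_a, site_b):
    """P2 entries (local, remote) on site_a with no (remote, local) twin on site_b."""
    peer = {(net(l), net(r)) for l, r in site_b}
    return [(l, r) for l, r in site_a if (net(r), net(l)) not in peer]

def covered(p2_entries, src, dst):
    """True if a packet src -> dst leaving this site matches some P2 selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in net(l) and d in net(r) for l, r in p2_entries)

# Constructed sample data. The LAN-to-LAN pair is assumed to be the
# pre-existing P2; the second entries are the ones quoted in the thread.
LAN_P2_10 = ("10.10.10.0/24", "10.10.20.0/24")
LAN_P2_20 = ("10.10.20.0/24", "10.10.10.0/24")

SITE20 = [LAN_P2_20, ("10.10.20.0/24", "192.168.0.0/24")]
SITE10_FIRST_TRY = [LAN_P2_10, ("10.10.10.0/24", "192.168.0.0/24")]
SITE10_FIXED = [LAN_P2_10, ("192.168.0.0/24", "10.10.20.0/24")]

def report(site10):
    """Summarise selector problems for the Site 10 <-> Site 20 tunnel."""
    return {
        "site10_unmirrored": unmirrored(site10, SITE20),
        "site20_unmirrored": unmirrored(SITE20, site10),
        # Hypothetical OpenVPN client talking to a hypothetical Site 20 host
        "client_to_site20": covered(site10, "192.168.0.6", "10.10.20.5"),
    }

if __name__ == "__main__":
    for name, cfg in (("first try", SITE10_FIRST_TRY), ("fixed", SITE10_FIXED)):
        print(name, report(cfg))
```

The same check applies to the Site 30 tunnel by swapping in 10.10.30.0/24 for the Site 20 subnet.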
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.