Netgate Discussion Forum

    Clarification on IPSec and OpenVPN documentation

      shy.newbie

      Hi,

      I would like to clarify the statement that I saw on pfSense documentation quoted below:

      "Word of caution: You can have both IPSec and OpenVPN enabled/in use at the same time, however, not for the same subnets. Any IPSec tunnel that references a subnet you wish to use in OpenVPN must be disabled, but IPSec and OpenVPN do not conflict."

      found on this link

      http://doc.pfsense.org/index.php/OpenVPN_Site_To_Site

      This is my setup:

      network1 ---- IPSec ---- network2 ---- OpenVPN ---- network3

      where each network only has one internal network.

      I thought of creating an IPSec tunnel between network1 and network2, then an OpenVPN tunnel between network2 and network3, with the condition that both network1 and network3 should be able to reach each other. I think this is possible by pushing routes on the networks to make them reachable. I am, however, confused about the part of the documentation that says "You can have both IPSec and OpenVPN enabled/in use at the same time, however, not for the same subnets." I am confused whether this means that, since network2 only has one internal network, I could only use it to connect over an IPSec tunnel or OpenVPN but not use it on both. Or does this mean that network1 and network3 must have different subnets?

      Thanks so much.  :)

        jimp Rebel Alliance Developer Netgate

        That should work fine. What that warning means is that you can't have IPsec and OpenVPN between the same two locations carrying the same two subnets.

        So you can't have:

        Site A:
        x.x.1.0/24
        Site B:
        x.x.2.0/24

        And have IPsec between x.x.1.0/24 <-> x.x.2.0/24 and OpenVPN between x.x.1.0/24 <-> x.x.2.0/24 - identical networks.

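The rule in the answer above, written as a check. This is an added example, not part of the thread or of pfSense: the function names and the 10.0.x.0 addressing are constructed, and it assumes each tunnel is described as (local network, remote network) pairs as seen from one firewall. It goes one step past the answer by treating partially overlapping subnets, not only identical ones, as a conflict.

```python
from ipaddress import ip_network


def overlaps(a, b):
    """True when two CIDR strings share at least one address."""
    return ip_network(a).overlaps(ip_network(b))


def find_conflicts(ipsec_phase2, openvpn_pairs):
    """Return every (ipsec, openvpn) selector pair that claims common traffic.

    Two entries conflict only when the local sides overlap AND the remote
    sides overlap. Sharing just one side (network2 in the question) is fine.
    """
    conflicts = []
    for ip_local, ip_remote in ipsec_phase2:
        for ov_local, ov_remote in openvpn_pairs:
            if overlaps(ip_local, ov_local) and overlaps(ip_remote, ov_remote):
                conflicts.append(((ip_local, ip_remote), (ov_local, ov_remote)))
    return conflicts


# Constructed addressing for network1, network2 and network3.
NET1, NET2, NET3 = "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"

# The question's chain, seen from the network2 firewall. Assumption: the
# network1 <-> network3 transit traffic gets its own entry on each tunnel.
CHAIN_IPSEC = [(NET2, NET1), (NET3, NET1)]
CHAIN_OPENVPN = [(NET2, NET3), (NET1, NET3)]

# The case the answer rules out: both tunnels carry the same two subnets.
SAME_IPSEC = [(NET1, NET2)]
SAME_OPENVPN = [(NET1, NET2)]

# Generalization: a wide IPsec selector that swallows a narrower OpenVPN pair.
WIDE_IPSEC = [("10.0.0.0/16", "10.1.0.0/16")]
NARROW_OPENVPN = [("10.0.1.0/24", "10.1.2.0/24")]

if __name__ == "__main__":
    cases = [
        ("chain via network2", CHAIN_IPSEC, CHAIN_OPENVPN),
        ("same two subnets", SAME_IPSEC, SAME_OPENVPN),
        ("wide vs narrow", WIDE_IPSEC, NARROW_OPENVPN),
    ]
    for name, ipsec, ovpn in cases:
        hits = find_conflicts(ipsec, ovpn)
        print(f"{name}: {'CONFLICT ' + str(hits) if hits else 'ok'}")
```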
          shy.newbie

          thanks so much! :)

          @jimp:

          That should work fine. What that warning means is that you can't have IPsec and OpenVPN between the same two locations carrying the same two subnets.

          So you can't have:

          Site A:
          x.x.1.0/24
          Site B:
          x.x.2.0/24

          And have IPsec between x.x.1.0/24 <-> x.x.2.0/24 and OpenVPN between x.x.1.0/24 <-> x.x.2.0/24 - identical networks.
