Openvpn to main site to IPSEC tunnels to remote sites- HELP
-
Ok,
I have pfsense 2.1 running at my office.
I have IPSEC tunnels to several remote offices running different versions of pfsense.
I set up openvpn on my office network. I can access all of my office network resources just fine over the openvpn tunnel.
I cannot connect to ANY of my remote sites over the openvpn tunnel.
Of course I can access all remote sites from my office.
I need to be able to establish an openvpn connection while away from my office into my office, then go out over the IPSEC tunnels to the various remote sites. What could it be? I was running PPTP, and it worked just fine.
-
In the advanced settings for the OpenVPN server, make sure you enable the routes to those other subnets.
Or you may also want to add a secondary phase 2 to each remote site in the IPSEC settings that has your OpenVPN tunnel subnet in it.
Lastly, check the firewall rules for both OpenVPN and IPSEC interfaces to ensure they're open to one another.
-
Good job getting off of PPTP though, it is not a secure VPN solution.
-
You'll also need a matching P2 on the IPsec for the OpenVPN tunnel network, so traffic sourced from the OpenVPN clients makes it across the IPsec once it gets across the OpenVPN. Guessing you probably had your LAN subnet in use for PPTP so it matched what was there already.
-
I have tried the push route in the advanced section, as well as a P2 entry on IPSEC. I put the P2 entry under the remote site on my main unit, and still no connection.
I'm sure I am missing something easy, just overlooking it!
-
GOT IT!!!!!
Had to have a phase 2 entry with the openvpn range, as well as add the IPs to the LOCAL NETWORK list.
-
Awesome to hear. Love it when a good tunnel to tunnel connection works out 8)
-
Hello,
I have the same situation. I tried to solve it following the instructions but I cannot make it work.
Can you give more detailed instructions please?
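
The fix this thread arrives at, modelled as an added example (it is not part of any post and is not pfSense code): a packet from an OpenVPN client reaches a remote site only if the remote subnet is in the OpenVPN local network list and a phase 2 entry covering the OpenVPN range exists on both IPsec ends. The subnets are constructed sample values and the function names are hypothetical.

```python
import ipaddress as ip

# Constructed sample addressing (assumptions, not taken from the thread).
OFFICE_LAN = ip.ip_network("192.168.1.0/24")
OVPN_NET = ip.ip_network("10.8.0.0/24")      # OpenVPN tunnel network
REMOTE_LAN = ip.ip_network("192.168.20.0/24")

def p2_covers(p2_entries, src, dst):
    """True if some phase 2 (local net, remote net) pair covers src -> dst."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in local and d in remote for local, remote in p2_entries)

def trace(src, dst, ovpn_local_nets, main_p2, remote_p2):
    """Follow an OpenVPN client's packet to a remote site; name the first gap."""
    if not any(ip.ip_address(dst) in n for n in ovpn_local_nets):
        return "no-client-route"   # remote subnet missing from OpenVPN local networks
    if not p2_covers(main_p2, src, dst):
        return "no-p2-main"        # main site has no P2 for the OpenVPN range
    if not p2_covers(remote_p2, dst, src):
        return "no-p2-remote"      # remote site lacks the mirrored P2
    return "ok"

# Before: only the office LAN is known to OpenVPN and to IPsec.
BEFORE = dict(ovpn_local_nets=[OFFICE_LAN],
              main_p2=[(OFFICE_LAN, REMOTE_LAN)],
              remote_p2=[(REMOTE_LAN, OFFICE_LAN)])
# After: remote subnet in the local network list, P2 for the OpenVPN range on both ends.
AFTER = dict(ovpn_local_nets=[OFFICE_LAN, REMOTE_LAN],
             main_p2=BEFORE["main_p2"] + [(OVPN_NET, REMOTE_LAN)],
             remote_p2=BEFORE["remote_p2"] + [(REMOTE_LAN, OVPN_NET)])

if __name__ == "__main__":
    client, server = "10.8.0.6", "192.168.20.10"
    # A host on the office LAN already matches the existing phase 2.
    print("office LAN host:", p2_covers(BEFORE["main_p2"], "192.168.1.50", server))
    print("before:", trace(client, server, **BEFORE))
    print("after: ", trace(client, server, **AFTER))
```

Firewall rules on the OpenVPN and IPsec interfaces are a separate check that this model does not cover.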