Netgate Discussion Forum

    Openvpn to main site to IPSEC tunnels to remote sites- HELP

    OpenVPN
    8 Posts 4 Posters 2.3k Views
    • acro-ii

      Ok,
      I have pfSense 2.1 running at my office.
      I have IPsec tunnels to several remote offices running different versions of pfSense.
      I set up OpenVPN on my office network. I can access all of my office network resources just fine over the OpenVPN tunnel.
      I cannot connect to ANY of my remote sites over the OpenVPN tunnel.
      Of course I can access all remote sites from my office.
      I need to be able to establish an OpenVPN connection while away from my office into my office, then go out over the IPsec tunnels to the various remote sites.

      What could it be? I was running PPTP, and it worked just fine.

      • mattb253

        In the advanced settings for the OpenVPN server, make sure you enable the routes to those other subnets.

        Or you may also want to add a secondary phase 2 to each remote site in the IPsec settings that has your OpenVPN tunnel subnet in it.

        Lastly, check the firewall rules for both OpenVPN and IPsec interfaces to ensure they're open to one another.

        • mattb253

          Good job getting off of PPTP though, it is not a secure VPN solution.

          • cmb

            You'll also need a matching P2 on the IPsec for the OpenVPN tunnel network, so traffic sourced from the OpenVPN clients makes it across the IPsec once it gets across the OpenVPN. Guessing you probably had your LAN subnet in use for PPTP so it matched what was there already.

            • acro-ii

              I have tried the push route in the advanced section, as well as a P2 entry on IPsec. I put the P2 entry under the remote site on my main unit, and still no connection.
              I'm sure I am missing something easy, just overlooking it!

              • acro-ii

                GOT IT!!!!!

                Had to have a phase 2 entry with the OpenVPN range, as well as add the IPs to the LOCAL NETWORK list.

                • mattb253

                  @acro-ii:

                  GOT IT!!!!!

                  Had to have a phase 2 entry with the OpenVPN range, as well as add the IPs to the LOCAL NETWORK list.

                  Awesome to hear. Love it when a good tunnel to tunnel connection works out 8)

                  • trantor

                    Hello,

                    I have the same situation. I tried to solve it following the instructions but I cannot make it work.

                    Can you give more detailed instructions please?

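The two conditions from acro-ii's fix above (a phase 2 entry for the OpenVPN range, plus the remote subnets in the OpenVPN server's local network list), written as a small checker. This is an added example, not part of the original thread or of pfSense; all subnets are constructed sample values, the function names are hypothetical, and it models the main-site settings only (firewall rules are not checked).

```python
import ipaddress as ip

# Constructed sample addressing (not from the thread).
TUNNEL = "10.8.0.0/24"                            # OpenVPN tunnel network
OFFICE_LAN = "192.168.1.0/24"                     # main-site LAN
REMOTES = ["192.168.10.0/24", "192.168.20.0/24"]  # LANs behind the IPsec tunnels

NO_ROUTE = "no route pushed to OpenVPN clients"
NO_P2 = "no phase 2 covering the OpenVPN tunnel network"

def diagnose(tunnel_net, local_networks, phase2, remote_subnets):
    """Return {remote_subnet: [problems]} for traffic sourced from OpenVPN clients.

    tunnel_net     -- tunnel network the OpenVPN clients get their addresses from
    local_networks -- networks the OpenVPN server pushes to clients as routes
    phase2         -- (local, remote) selector pairs on the main-site IPsec tunnels
    remote_subnets -- LANs behind the remote sites
    """
    tunnel = ip.ip_network(tunnel_net)
    pushed = [ip.ip_network(n) for n in local_networks]
    selectors = [(ip.ip_network(l), ip.ip_network(r)) for l, r in phase2]
    report = {}
    for subnet in map(ip.ip_network, remote_subnets):
        problems = []
        # The client only sends a destination into the VPN if it has a route for it.
        if not any(subnet.subnet_of(p) for p in pushed):
            problems.append(NO_ROUTE)
        # IPsec only carries packets whose source AND destination match a phase 2.
        if not any(tunnel.subnet_of(l) and subnet.subnet_of(r) for l, r in selectors):
            problems.append(NO_P2)
        report[str(subnet)] = problems
    return report

def before():
    """State in the first post: OpenVPN and IPsec only know the office LAN."""
    return diagnose(TUNNEL, [OFFICE_LAN], [(OFFICE_LAN, r) for r in REMOTES], REMOTES)

def after():
    """State after the fix: remote LANs pushed, extra phase 2 per remote site."""
    p2 = [(src, r) for r in REMOTES for src in (OFFICE_LAN, TUNNEL)]
    return diagnose(TUNNEL, [OFFICE_LAN] + REMOTES, p2, REMOTES)

if __name__ == "__main__":
    for name, result in (("before", before()), ("after", after())):
        print(name, result)
```

An empty problem list for a remote subnet means both conditions are met on the main site; as cmb notes above, the phase 2 has to match on the IPsec tunnel.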