OpenVPN can't communicate with IPsec tunnel
-
So i'm having an issue with my network
i have a IPsec tunnel which works fine (192.168.40.0/24) with my local network (192.168.1.0/24)
i have an openVPN which works (192.168.4.0/24)now … when i use openVPN, i can access the local network
when i use local network i can access IPsec tunnel
but i can not access IPsec tunnel when i use openVPN (ie from 192.168.4.2 -> 192.168.40.2)
firewall or permissions aren't the problem because i can see it being allowed. i think there is a routing issue or setting issue of some sortany help would be appreciated
-
Do you have an IPsec phase 2 entry for 192.168.4.0/24 <=> 192.168.40.0/24 on both ends of the IPsec tunnel?
Do you have 192.168.40.0/24 listed as a local network on the OpenVPN server?
-
Yeh i do have a phase 2 entry for 192.168.4.0/24 on the local end, the other end is in another state
i do recall it working at some point though so i'm not sure that is the issue.and yeh i have 192.168.40.0/24 listed as a local network on the OpenVpn server
i'm trying to get in touch with the other side of the IPsec to see if they will add my 192.168.4.0/24 for it to work. do you think that is the problem?
-
Without a phase 2 on the other side, traffic from there to your OpenVPN subnet will not be interesting to IPsec and will not be forwarded over the tunnel.
-
do you think it would be a good idea to assign 192.168.1.0/24 address to openVPN in order to get around this? so that openVPN traffic will appear as local traffic
whenever i try assign static IPs to openVPN, it won't communicate with anything
am i missing something or is it not possible? -
Since you asked what I think, I think if you want IPsec traffic over an IPsec tunnel the proper solution is to get the correct Phase 2 entries in place.
Else you would have to bridge a tap-mode OpenVPN instance which you might be able to get to work but is not a recommended configuration.
-
just got it done. after 2 weeks of pulling my hair out. IT IS WORKING
thanks heaps for your expertise. need to shoot you a pack of tim tams ;)
-
Dear sir can you explain how did you do it ?
please
many thanks