How to allow openvpn client access to a IPSEC vpn
-
I have a remote user the connects to us via OpenVPN. I also have a site-to-site IPSEC vpn from our local subnet to a remote site.
I now need to allow the OpenVPN client access to the IPSEC vpn so that he can connect to our local subnet but also our remote site.
Previously when we used PPTP it was no problem because the user was assigned a IP on our local subnet when connected.
Could someone point me in the right direction?
Thanks
-
You need to ensure your IPSEC tunnel also has a phase2 entry for your OpenVPN Client subnet (at both ends of your IPSEC tunnel).
You also need to ensure the OpenVPN client has a route to the remote subnet. You can do this by adding a line in the configuration options on the Client Export page. For example, if the remote site is 192.168.4.0/24:
push "route 192.168.4.0 255.255.255.0";
That's the theory, but in practice I have been struggling getting the client to automatically create the route on Windows 8.
If you manually create the route on the client it works fine. -
On 2.1 and later you just put a comma-separated list of subnets in "Local Network/s" and then the OpenVPN server tell the client about routes to all those. There is no need to use the Advanced box.