OpenVPN client should use IPSEC tunnel
-
pfsense 2.3.2p1, two IPSEC site-to-site tunnels which allow the LAN subnet to access remote servers.
Now I have added an OpenVPN server and a remote warrior; this one comes into the system within the OpenVPN subnet, which is different from the LAN subnet.
How can I enable the ovpn client to use the IPSEC tunnels? I tried adding the remote subnet to the config of the ovpn-server and/or push routes, without success. Do I have to rewrite (NAT?) the client's IP to an IP within the LAN subnet?
Thanks for any pointers!
-
You have to push routes to the client and you also need a matching Phase 2 on the IPsec tunnel for traffic from the OpenVPN client side to the remote IPsec network.
Trying to play tricks with NAT is more likely to bring pain than help. Add a P2 and don't use NAT, and you'll be much better off.
-
Adding a P2 would mean that also the remote IPSEC-gateway would have to add that P2, correct?
This isn't so easy as they aren't too cooperative and rather restrictive.
-
Yes, a P2 would have to be added on both sides.
-
Thanks a lot.
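
The advice in the replies above (push a route to the client, and have a Phase 2 on both gateways that covers the OpenVPN subnet) can be checked on paper before touching either firewall. The following is an added example, not part of the original thread and not pfSense code: it models only whether Phase 2 traffic selectors cover a packet, not IKE negotiation, and all subnets and addresses in it are constructed sample values.

```python
import ipaddress

# Constructed sample addressing (assumptions, not taken from the thread)
LAN_NET = "192.168.1.0/24"      # local LAN behind the firewall
OVPN_NET = "10.8.0.0/24"        # OpenVPN tunnel network for remote clients
REMOTE_NET = "172.16.10.0/24"   # network behind the remote IPsec gateway

def push_route(remote_net):
    """OpenVPN server directive that sends the client a route to remote_net."""
    net = ipaddress.ip_network(remote_net)
    return f'push "route {net.network_address} {net.netmask}"'

def covering_p2(src_ip, dst_ip, phase2_entries):
    """Return the first (local, remote) selector pair covering the packet, or None."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for local, remote in phase2_entries:
        if src in ipaddress.ip_network(local) and dst in ipaddress.ip_network(remote):
            return (local, remote)
    return None

def tunnel_carries(src_ip, dst_ip, near_p2, far_p2):
    """True only if both gateways have a Phase 2 covering the flow.

    The far gateway sees the flow mirrored: its local side is our destination.
    """
    near = covering_p2(src_ip, dst_ip, near_p2)
    far = covering_p2(dst_ip, src_ip, far_p2)
    return near is not None and far is not None

# Existing site-to-site Phase 2: LAN <-> remote network only
NEAR_BEFORE = [(LAN_NET, REMOTE_NET)]
FAR_BEFORE = [(REMOTE_NET, LAN_NET)]
# After adding a second Phase 2 for the OpenVPN subnet on each gateway
NEAR_AFTER = NEAR_BEFORE + [(OVPN_NET, REMOTE_NET)]
FAR_AFTER = FAR_BEFORE + [(REMOTE_NET, OVPN_NET)]

if __name__ == "__main__":
    print(push_route(REMOTE_NET))
    flows = {"LAN host": "192.168.1.50", "OpenVPN client": "10.8.0.6"}
    for name, src in flows.items():
        for label, near, far in [("before", NEAR_BEFORE, FAR_BEFORE),
                                 ("near side only", NEAR_AFTER, FAR_BEFORE),
                                 ("both sides", NEAR_AFTER, FAR_AFTER)]:
            ok = tunnel_carries(src, "172.16.10.5", near, far)
            print(f"{name:15} {label:15} -> {'tunnel' if ok else 'no matching P2'}")
```

The "near side only" row is the situation raised in the follow-up question: a Phase 2 added on one gateway alone still leaves the OpenVPN client's traffic without a matching selector at the far end.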