Netgate Discussion Forum

Can a remote VPN user (client) access other VPN IPSEC site to site?

IPsec
3 Posts 2 Posters 487 Views
  • A
    alessdom
    last edited by Feb 9, 2019, 2:24 PM

    We have a pfSense version 2.4.4 configured with a site-to-site IPsec VPN with our partner.
    Our network is 10.0.1.0/24.
    The partner network is 172.25.0.0/16.
    Users connected to our local network (10.0.1.0/24) access the partner network (172.25.0.0/16) successfully.

    We also have remote users connected to our office with an OpenVPN client.
    OpenVPN is configured like this:
    Tunnel Network: 10.0.2.0/24
    Local Network: 10.0.1.0/24
    Remote users get an IP in 10.0.2.0/24 and successfully reach 10.0.1.0/24.

    I need remote users (10.0.2.0/24) to also be able to access the customer network 172.25.0.0/16.

    Is it possible to do such a thing?

    • K
      Konstanti @alessdom
      last edited by Feb 9, 2019, 3:28 PM

      Hey,
      You need to create an additional Phase 2 on both sides of the tunnel
      for networks 172.25.0.0/16 <--> 10.0.2.0/24.

      • A
        alessdom
        last edited by Feb 9, 2019, 4:07 PM

        Thanks!
        I've found a similar solution that doesn't require partner-side intervention.

        I've added the customer network in OpenVPN:
        Tunnel Network: 10.0.2.0/24
        Local Network: 10.0.1.0/24, 172.25.0.0/16

        Then I've added a Phase 2 with NAT:
        Local Network: 10.0.2.0/24
        NAT: 10.0.1.0/24
        Remote Network: 172.25.0.0/16

        It works!

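Added example, not part of any post in this thread: a small Python model of how Phase 2 traffic selectors treat a packet from an OpenVPN client under the three layouts discussed (original tunnel, extra Phase 2 on both sides, Phase 2 with NAT). It assumes the NAT field maps the two /24 networks 1:1 by host offset; the function names and the sample host addresses are constructed for illustration.

```python
import ipaddress

# Networks taken from the thread.
LAN = ipaddress.ip_network("10.0.1.0/24")
VPN_CLIENTS = ipaddress.ip_network("10.0.2.0/24")
PARTNER = ipaddress.ip_network("172.25.0.0/16")

# The three Phase 2 layouts discussed, as seen from the local firewall.
ORIGINAL = [{"local": LAN, "remote": PARTNER}]
EXTRA_P2 = ORIGINAL + [{"local": VPN_CLIENTS, "remote": PARTNER}]
NAT_P2 = ORIGINAL + [{"local": VPN_CLIENTS, "remote": PARTNER, "nat": LAN}]


def translate(src, local_net, nat_net):
    """Assumed 1:1 mapping: keep the host offset, swap the network part."""
    offset = int(src) - int(local_net.network_address)
    return nat_net.network_address + offset


def tunnel_decision(src, dst, phase2_entries):
    """Return (enters_tunnel, source address the partner sees)."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for p2 in phase2_entries:
        if src_ip in p2["local"] and dst_ip in p2["remote"]:
            nat = p2.get("nat")
            seen = translate(src_ip, p2["local"], nat) if nat else src_ip
            return True, str(seen)
    return False, None


def shadowed_lan_hosts(client_ips, lan_ips, phase2_entries, dst="172.25.0.10"):
    """LAN hosts whose address the partner also sees for a translated client.

    dst is a constructed partner-side address used only to evaluate selectors.
    """
    lan_seen = {tunnel_decision(ip, dst, phase2_entries)[1] for ip in lan_ips}
    client_seen = {tunnel_decision(ip, dst, phase2_entries)[1] for ip in client_ips}
    return sorted((lan_seen & client_seen) - {None})


if __name__ == "__main__":
    # Constructed sample hosts, not from the thread.
    for name, cfg in [("original", ORIGINAL), ("extra P2", EXTRA_P2), ("NAT P2", NAT_P2)]:
        print(name, tunnel_decision("10.0.2.15", "172.25.3.4", cfg))
    print(shadowed_lan_hosts(["10.0.2.15", "10.0.2.40"], ["10.0.1.15", "10.0.1.99"], NAT_P2))
```

With the NAT layout the partner's existing selector (10.0.1.0/24 <--> 172.25.0.0/16) already covers the translated source, which is why no partner-side change is needed; the same translation means partner-side logs cannot tell 10.0.2.15 from the LAN host 10.0.1.15.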
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.