Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec mobile clients connecting to OpenVPN site-to-site VPN

    Scheduled Pinned Locked Moved OpenVPN
    19 Posts 2 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      morgejgmail @kiokoman
      last edited by

      @kiokoman said in IPSec mobile clients connecting to OpenVPN site-to-site VPN:

      i think that you need to add a second phase2 with the network you want to reach

      Okay, here is what I tried to add but am still not able to connect from the mobile IPSec client via HQ to the secondary network:

      f38038cb-0f3c-46e1-9499-9edb2a18a4a0-image.png

      Thanks again for the help.

      1 Reply Last reply Reply Quote 0
      • kiokomanK
        kiokoman LAYER 8
        last edited by

        it's the tunnel 10.3.100.0/30 that connect you to 192.168.20.0/24

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        M 1 Reply Last reply Reply Quote 0
        • M
          morgejgmail @kiokoman
          last edited by

          @kiokoman said in IPSec mobile clients connecting to OpenVPN site-to-site VPN:

          10.3.100.0/30

          I tried this but it did not work - thoughts? thanks again

          e5e23f00-bc61-452b-b227-fe7053dafad6-image.png

          1 Reply Last reply Reply Quote 0
          • kiokomanK
            kiokoman LAYER 8
            last edited by kiokoman

            are you adding or modifying the phase ? did you also check the firewall rules ?

            ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
            Please do not use chat/PM to ask for help
            we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
            Don't forget to Upvote with the 👍 button for any post you find to be helpful.

            M 1 Reply Last reply Reply Quote 0
            • M
              morgejgmail @kiokoman
              last edited by

              @kiokoman said in IPSec mobile clients connecting to OpenVPN site-to-site VPN:

              are you adding or modifying the phase ? did you also check the firewall rules ?

              Adding a second P2

              I have all the ipsec and openvpn firewall rules set to allow all - is there something specific I should be checking?

              1 Reply Last reply Reply Quote 0
              • kiokomanK
                kiokoman LAYER 8
                last edited by kiokoman

                ok i reproduced it on my lab and it's working now
                on my lab i have ipsec to -> openvpn client to -> openvpn server
                ipsec is 192.168.130.0/24
                lan is 192.168.120/24
                openvpn tunnel 10.3.100.0/30
                openvpn server 10.3.100.0/30
                remote lan 192.168.3.0/24

                ipsec:
                ipsec.jpg

                client vpn:
                vpnclient.jpg

                server vpn:

                vpn-server.jpg

                be sure that ipv4 remote network on the openvpn server have the network of your ipsec defined

                ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                Please do not use chat/PM to ask for help
                we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                M 1 Reply Last reply Reply Quote 1
                • M
                  morgejgmail @kiokoman
                  last edited by

                  @kiokoman said in IPSec mobile clients connecting to OpenVPN site-to-site VPN:

                  idk i have reproduced this on my lab and i have the same problem. i'm still checking this

                  Thanks so much for the help!

                  One thing I thought of this morning is that the P2 rule I created was listed second - the first P2 was to route everything (0.0.0.0) and the second P2 was to route to the OpenVPN tunnel address. I will try reversing this order when I get a chance this morning to see if that helps.

                  Any advice you can offer would be greatly appreciated. Thanks again

                  1 Reply Last reply Reply Quote 0
                  • kiokomanK
                    kiokoman LAYER 8
                    last edited by

                    i have modified my previus answer check that

                    ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                    Please do not use chat/PM to ask for help
                    we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                    Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                    1 Reply Last reply Reply Quote 0
                    • M
                      morgejgmail
                      last edited by

                      That fixed it!

                      FWIW, I had to make the change in the client OpenVPN configuration to allow the IPSec IP range because in my configuration the IPSec connection is to the OpenVPN server.

                      Thanks again...please let me know if I can send you a cup of coffee for your help!

                      1 Reply Last reply Reply Quote 0
                      • kiokomanK
                        kiokoman LAYER 8
                        last edited by

                        just press "thumb up" on the answer, the coffee would become cold :)

                        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                        Please do not use chat/PM to ask for help
                        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                        M 1 Reply Last reply Reply Quote 0
                        • M
                          morgejgmail @kiokoman
                          last edited by

                          @kiokoman said in IPSec mobile clients connecting to OpenVPN site-to-site VPN:

                          just press "thumb up" on the answer, the coffee would become cold :)

                          Thumb up applied.

                          Thanks again!

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.