Netgate Discussion Forum

    route traffic from VPN server to network behind another interface

    • ahmedsopeah

      Hello everybody,

      My configuration is as below:
      I have 3 WAN interfaces,
      one LAN interface,
      and another LAN interface to another firewall, and this firewall has IPsec.
      So locally, for a specific destination, I routed the traffic to the second firewall to the IPsec tunnel, and all the other traffic goes to the WAN interface as expected.
      Now I have just configured an OpenVPN server with split tunnel,
      and I want the traffic that needs to be routed to the IPsec tunnel to go to the other firewall.
      I configured the VPN server with push "route 10.21.1.0 255.255.255.0",
      and when connected to OpenVPN, when I try to tracert the traffic to 10.21.1.10, it seems to go through the OpenVPN tunnel,
      but after that the packets go down.
      I tried to allow all traffic from everywhere to any on all interfaces, but it is the same.
      What am I missing?
      Routing works fine from the LAN,
      but it is not working from the VPN.

      • viragomann

        Maybe you're missing the route back from the destination device to the OpenVPN client.

        • ahmedsopeah

          What do you mean by route back?
          Here is our network,
          and everything is working fine; only the red line that I want to do is not working.

          Capture.PNG

          • viragomann

            The request packets coming from the OpenVPN clients (with a source IP out of the VPN tunnel) are routed to the other firewall and across the IPsec tunnel. Presuming you're not natting the packets, the remote devices will send their responses back to the VPN tunnel IP.
            So I asked if the remote side has a route for that direction.

            You need to add a route (phase 2) on the IPsec tunnel and a static route on the other firewall for the OpenVPN tunnel network.

            • marvosa

              This has come up before. You need to push a route for the remote LAN subnet to your OpenVPN clients and also configure a phase 2 for the OpenVPN tunnel network on each side of the IPsec tunnel.
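
Added example (not part of any post in this thread): a small Python model of the return-path problem the replies describe, showing why the LAN reaches 10.21.1.10 while an OpenVPN client does not. The tunnel network 10.8.0.0/24, the LAN 192.168.1.0/24, the client addresses and all function names are constructed assumptions, and IPsec is modelled as policy-based phase 2 selectors.

```python
from ipaddress import ip_address, ip_network

REMOTE_LAN = ip_network("10.21.1.0/24")    # pushed route from the thread
LOCAL_LAN = ip_network("192.168.1.0/24")   # constructed: LAN behind the OpenVPN server
OVPN_NET = ip_network("10.8.0.0/24")       # constructed: OpenVPN tunnel network

def in_phase2(src, dst, selectors):
    """A policy-based tunnel only carries packets matching a (local, remote) pair."""
    return any(src in local and dst in remote for local, remote in selectors)

def check_path(client, target, near_p2, far_p2, fw2_routes):
    """Return the reasons client <-> target fails; an empty list means it works.

    near_p2    phase 2 pairs on the second firewall (local, remote)
    far_p2     phase 2 pairs on the remote IPsec peer (local, remote)
    fw2_routes inside networks the second firewall can route replies to
    """
    src, dst = ip_address(client), ip_address(target)
    problems = []
    if not in_phase2(src, dst, near_p2):
        problems.append("request: no phase 2 on the second firewall for this source")
    if not in_phase2(dst, src, far_p2):
        problems.append("reply: no phase 2 on the remote peer for this destination")
    if not any(src in net for net in fw2_routes):
        problems.append("reply: second firewall has no route back to the client")
    return problems

# Configuration as described in the first post: only the LAN is known to IPsec.
before = dict(near_p2=[(LOCAL_LAN, REMOTE_LAN)],
              far_p2=[(REMOTE_LAN, LOCAL_LAN)],
              fw2_routes=[LOCAL_LAN])
# After the change suggested in the replies: the tunnel network is added everywhere.
after = dict(near_p2=before["near_p2"] + [(OVPN_NET, REMOTE_LAN)],
             far_p2=before["far_p2"] + [(REMOTE_LAN, OVPN_NET)],
             fw2_routes=[LOCAL_LAN, OVPN_NET])

if __name__ == "__main__":
    for name, cfg in (("before", before), ("after", after)):
        for client in ("192.168.1.50", "10.8.0.6"):
            print(name, client, check_path(client, "10.21.1.10", **cfg) or "OK")
```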
