OpenVPN client access other network through IPsec site-to-site network
-
Hi all, I have two sites connected with IPsec, and both firewall rules allow any/any between site A and site B. Site A is 192.168.11.0/24 and site B is 192.168.12.0/24. Site A is configured with OpenVPN for clients to connect, and the tunnel network address is 172.16.0.0/24. The OpenVPN client is able to access site A resources but fails to access or ping site B. Both firewalls allow the OpenVPN tunnel network, and the OpenVPN server already pushes the remote local network routes 192.168.11.0 and 192.168.12.0 through the OpenVPN interface. I would like to know how to solve my problem, or whether something is missing.
-
If you can reach A but not B it's a routing issue, not OpenVPN. Start by checking your routes.
-
Yes, I am just able to ping site A but fail to ping site B, but site A's local IP can successfully ping site B's local IP. You mean I need to create a static route for the OpenVPN tunnel address to site B? I am not using VTI IPsec, so I can't see the IPsec interface for routing.
-
There could be a couple of things. You can ping A, so you have a route to it. Is it the default route? That depends on how you set up the VPN. If not, you'll have to provide a route on your client. This is where traceroute comes in handy. It'll show how far and where you go.
-
@JKnott Thank you so much. Finally fixed: the IPsec tunnel phase 2 needs an extra entry with the OpenVPN tunnel network (e.g. 10.0.1.0/24) in site A and B. Now the IPsec tunnel has two phase 2 entries: one is the local network and one is the OpenVPN tunnel network address.
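As an added illustration (not code from this thread or from any firewall vendor), here is a small Python model of why the fix above works with policy-based (non-VTI) IPsec: a packet only enters the tunnel when both its source and destination fall inside one phase 2 selector pair, so the OpenVPN client subnet needs its own entry on each side. It assumes the tunnel network 172.16.0.0/24 from the question and constructed selector lists.

```python
# Minimal model of policy-based IPsec traffic selection (added example).
# Phase 2 entries are (local, remote) subnet pairs, i.e. the SPD selectors.
# Addresses follow the original post: site A 192.168.11.0/24,
# site B 192.168.12.0/24; the OpenVPN tunnel 172.16.0.0/24 is assumed.
from ipaddress import ip_address, ip_network

SITE_A = ip_network("192.168.11.0/24")
SITE_B = ip_network("192.168.12.0/24")
OVPN_TUNNEL = ip_network("172.16.0.0/24")  # assumed from the question


def matching_phase2(phase2, src, dst):
    """Return the (local, remote) entry whose selectors cover the packet,
    or None when no phase 2 matches (the packet is not sent through IPsec)."""
    s, d = ip_address(src), ip_address(dst)
    for local, remote in phase2:
        if s in local and d in remote:
            return (local, remote)
    return None


def reply_reaches_client(site_a_p2, site_b_p2, client, server):
    """Round trip check: client->server must match an entry at site A and the
    reply server->client must match the mirrored entry at site B."""
    out = matching_phase2(site_a_p2, client, server)
    back = matching_phase2(site_b_p2, server, client)
    return out is not None and back is not None


# Constructed selector lists. Before: only LAN-A <-> LAN-B on each side.
BEFORE_A = [(SITE_A, SITE_B)]
BEFORE_B = [(SITE_B, SITE_A)]
# After the thread's fix: a second phase 2 for the OpenVPN subnet, both sides.
AFTER_A = [(SITE_A, SITE_B), (OVPN_TUNNEL, SITE_B)]
AFTER_B = [(SITE_B, SITE_A), (SITE_B, OVPN_TUNNEL)]


def explain(phase2, src, dst):
    hit = matching_phase2(phase2, src, dst)
    if hit is None:
        return f"{src} -> {dst}: no phase 2 selector matches, not tunnelled"
    return f"{src} -> {dst}: tunnelled via P2 {hit[0]} <-> {hit[1]}"


if __name__ == "__main__":
    for label, rules in (("before", BEFORE_A), ("after", AFTER_A)):
        print(f"--- site A, {label} ---")
        print(explain(rules, "192.168.11.10", "192.168.12.10"))  # LAN host
        print(explain(rules, "172.16.0.6", "192.168.12.10"))     # OpenVPN client
    print("round trip, B not updated:",
          reply_reaches_client(AFTER_A, BEFORE_B, "172.16.0.6", "192.168.12.10"))
    print("round trip, both updated:",
          reply_reaches_client(AFTER_A, AFTER_B, "172.16.0.6", "192.168.12.10"))
```

The round-trip check shows why the entry is needed at both sites: with only site A updated, the client's packet is tunnelled but site B has no selector for the reply.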