NAT OpenVPN network to IPSec Tunnel
-
I have a PFSense box set up with two VLANs. One is for an IPSec tunnel and the other is for general traffic. I want to be able to OpenVPN into the PFSense box and access the hosts on the other side of the IPSec tunnel. I don't have control of the IPSec on the other end, so the phase two is expecting a 192.168.5.0/24 address. My OpenVPN network is set to 192.168.50.0/24 to avoid some sort of collision.
I think I need to set up some sort of outbound NAT rule that translates any traffic going from 192.168.50.0/24 to one of the tunnel IPs (say 10.1.1.0/24) to come from a 192.168.5.0/24 address.
I have the OpenVPN and IPSec firewalls both wide open for testing purposes. The OpenVPN tunnel is able to access both VLANs without a problem. The only thing the OpenVPN clients cannot access is the remote network over the IPSec connection.
I have added an outbound rule but I don't know if it is correct or if I need something more than this to make it work.
Any clue how to set this up?
-
You'll have to change the interface to the IPSec interface and the translation to interface address.
-
I don't think you can do that on IPsec.
-
OK, I figured this out. I set the IPSec DHCP to run from 192.168.5.50 to 150, then I set the OpenVPN interface to run at 192.168.5.192/26, which leaves the DHCP at the top end of that /24. I am now able to OpenVPN into the box and cross over into the IPSec VPN.
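Added example, not part of the thread: a small Python check of the address plan described in the last post, confirming that a candidate OpenVPN tunnel network sits inside the 192.168.5.0/24 range the remote phase two expects and stays clear of the DHCP range. The function names are hypothetical, and treating the DHCP range as inclusive of 192.168.5.50 and 192.168.5.150 is an assumption.

```python
import ipaddress


def pool_networks(first, last):
    """CIDR blocks that exactly cover an inclusive DHCP range."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def check_tunnel_net(tunnel, phase2_local, dhcp_first, dhcp_last):
    """Return a list of problems with a candidate tunnel network.

    An empty list means the network is inside the phase two range
    and does not collide with the DHCP pool.
    """
    tunnel = ipaddress.ip_network(tunnel)
    phase2 = ipaddress.ip_network(phase2_local)
    problems = []
    if not tunnel.subnet_of(phase2):
        problems.append("outside phase 2 network")
    if any(tunnel.overlaps(b) for b in pool_networks(dhcp_first, dhcp_last)):
        problems.append("overlaps DHCP pool")
    return problems


def free_blocks(phase2_local, prefixlen, dhcp_first, dhcp_last):
    """List subnets of the phase two range that avoid the DHCP pool."""
    phase2 = ipaddress.ip_network(phase2_local)
    pool = pool_networks(dhcp_first, dhcp_last)
    return [str(n) for n in phase2.subnets(new_prefix=prefixlen)
            if not any(n.overlaps(b) for b in pool)]


if __name__ == "__main__":
    # Values taken from the thread; the third candidate is constructed.
    phase2 = "192.168.5.0/24"
    dhcp = ("192.168.5.50", "192.168.5.150")
    for candidate in ("192.168.50.0/24", "192.168.5.192/26", "192.168.5.128/26"):
        issues = check_tunnel_net(candidate, phase2, *dhcp)
        print(candidate, "->", issues or "ok")
    print("usable /26 blocks:", free_blocks(phase2, 26, *dhcp))
```

The original 192.168.50.0/24 tunnel network fails the first check, which is why the remote end never accepted traffic from the OpenVPN clients.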