Allow OpenVPN users through IPSEC VPN
With the death of PPTP I have switched to OpenVPN for our remote users.
The problem I've hit is the remote users using our IPSEC tunnels.
With PPTP they were assigned IPs on our local subnet so could access the IPSEC tunnels.
With OpenVPN I had to create a separate subnet for clients. This means the remote users are not on the subnet the IPSEC tunnel is configured for.
Without having to change the IPSEC tunnels is there anyway to get users connecting into the office using OpenVPN access to remotes sites via the IPSEC tunnels?
No. Changing the IPsec tunnel to accommodate the additional subnet is the best practice.
If your OpenVPN subnet can be summarized into a larger network with your LAN (e.g. x.x.0.0/24 and x.x.0.1/24) then IPsec could just use a wider mask on your side (e.g. x.x.0.0/23). Check a subnet calculator to be sure.