Roadwarriors @ Branch1 cannot see range on other side of IPSec tunnel @ Branch2



  • Hi, somewhat of a n00b here, love pfSense!

    I have two remote branches connected for file sharing by two pfSense boxes.
    Both sites are version 2.2.6 (I know there is an update, but that will temporarily break my Lightsquid, and I have this problem so holding off for now.)
    We used IPSec with a PSK to create the tunnel between the branches.
    Then we used the OpenVPN section to create a server for Roadwarriors to connect when away from branches.

    Server is in Remote Access SSL/TLS + User Auth mode.
    UDP – 1194
    Server certificate in use (using the pfSense box to create that certificate)

    Site 1 – range 192.168.11.0/24

    Site 2 – range 192.168.3.0/24

    When a user is at either branch, they can see either server through the tunnel. (The tunnel works)

    However, when an OpenVPN roadwarrior (outside of a branch) connects to Site 1, she can see the server on the 192.168.11.0 range perfectly.
    But she cannot see the server on the 192.168.3.0 range at all. I cannot ping anything in that range when connected to Site 1.

    Things I have tried:

    a. In my OpenVPN Server configuration I have added under Tunnel Settings – IPv4 Local Networks
    192.168.11.0/24, 192.168.3.0/24

    b. In my OpenVPN Server configuration I have added under Advanced Configuration – Advanced
    push "route 192.168.3.0 255.255.255.0"

    None of that worked.

    Is there a way to route traffic from an OpenVPN connected user, through the IPSec tunnel to the 192.168.3.0 range when connected to Site 1 (and I’m assuming I can replicate this if a roadwarrior connects to Site 2 using OpenVPN and wants to see the server on the 192.168.11.0 range on the other side of the IPSec tunnel)?

    Live long and Prosper