OpenVPN can't communicate with IPsec tunnel

  • So i'm having an issue with my network
    i have a IPsec tunnel which works fine ( with my local network (
    i have an openVPN which works (

    now … when i use openVPN, i can access the local network
    when i use local network i can access IPsec tunnel
    but i can not access IPsec tunnel when i use openVPN (ie from ->
    firewall or permissions aren't the problem because i can see it being allowed. i think there is a routing issue or setting issue of some sort

    any help would be appreciated

  • LAYER 8 Netgate

    Do you have an IPsec phase 2 entry for <=> on both ends of the IPsec tunnel?

    Do you have listed as a local network on the OpenVPN server?

  • Yeh i do have a phase 2 entry for on the local end, the other end is in another state
    i do recall it working at some point though so i'm not sure that is the issue.

    and yeh i have listed as a local network on the OpenVpn server

    i'm trying to get in touch with the other side of the IPsec to see if they will add my for it to work. do you think that is the problem?

  • LAYER 8 Netgate

    Without a phase 2 on the other side, traffic from there to your OpenVPN subnet will not be interesting to IPsec and will not be forwarded over the tunnel.

  • do you think it would be a good idea to assign address to openVPN in order to get around this? so that openVPN traffic will appear as local traffic
    whenever i try assign static IPs to openVPN, it won't communicate with anything
    am i missing something or is it not possible?

  • LAYER 8 Netgate

    Since you asked what I think, I think if you want IPsec traffic over an IPsec tunnel the proper solution is to get the correct Phase 2 entries in place.

    Else you would have to bridge a tap-mode OpenVPN instance which you might be able to get to work but is not a recommended configuration.

  • just got it done. after 2 weeks of pulling my hair out. IT IS WORKING

    thanks heaps for your expertise. need to shoot you a pack of tim tams ;)

  • Dear sir can you explain how did you do it ?
    many thanks

Log in to reply