4. OpenVPN client should use IPSEC tunnel

OpenVPN client should use IPSEC tunnel

  • S

    pfsense 2.3.2p1, two IPSEC site-to-site tunnels which allow the LAN subnet to access remote servers.

    Now I have added an OpenVPN server and a remote warrior, this one comes into the system within the OpenVPN subnet which is different from the LAN subnet.
    How can I enable the ovpn client to use the IPSEC tunnels? I tried adding the remote subnet to the config of the ovpn-server and/or push routes, without success.

    Do I have to rewrite (NAT?) the client's IP to an IP within the LAN subnet?
    thanks for any pointers!

    0
  • Rebel Alliance Developer Netgate

    You have to push routes to the client and you also need a matching Phase 2 on the IPsec tunnel for traffic from the OpenVPN client side to the remote IPsec network.

    Trying to play tricks with NAT is more likely to bring pain than help, add a P2 and don't use NAT and you'll be much better off.

    0
  • S

    Adding a P2 would mean that also the remote IPSEC-gateway would have to add that P2, correct?
    This isn't so easy as they aren't too cooperative and rather restrictive.

    0
  • Rebel Alliance Developer Netgate

    Yes, a P2 would have to be added on both sides.

    0
  • S

    Thanks a lot.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy