1. Home
  2. pfSense® Software
  3. OpenVPN
  4. OpenVPN client should use IPSEC tunnel

OpenVPN client should use IPSEC tunnel

  • S

    pfsense 2.3.2p1, two IPSEC site-to-site tunnels which allow the LAN subnet to access remote servers.

    Now I have added an OpenVPN server and a remote warrior, this one comes into the system within the OpenVPN subnet which is different from the LAN subnet.
    How can I enable the ovpn client to use the IPSEC tunnels? I tried adding the remote subnet to the config of the ovpn-server and/or push routes, without success.

    Do I have to rewrite (NAT?) the client's IP to an IP within the LAN subnet?
    thanks for any pointers!

    0
  • jimp
    Rebel Alliance Developer Netgate

    You have to push routes to the client and you also need a matching Phase 2 on the IPsec tunnel for traffic from the OpenVPN client side to the remote IPsec network.

    Trying to play tricks with NAT is more likely to bring pain than help, add a P2 and don't use NAT and you'll be much better off.

    0
  • S

    Adding a P2 would mean that also the remote IPSEC-gateway would have to add that P2, correct?
    This isn't so easy as they aren't too cooperative and rather restrictive.

    0
  • jimp
    Rebel Alliance Developer Netgate

    Yes, a P2 would have to be added on both sides.

    0
  • S

    Thanks a lot.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy