Netgate Discussion Forum

    OpenVPN client should use IPSEC tunnel

      sgw

      pfSense 2.3.2p1, two IPSEC site-to-site tunnels which allow the LAN subnet to access remote servers.

      Now I have added an OpenVPN server and a remote warrior; this one comes into the system within the OpenVPN subnet, which is different from the LAN subnet.
      How can I enable the ovpn client to use the IPSEC tunnels? I tried adding the remote subnet to the config of the ovpn-server and/or push routes, without success.

      Do I have to rewrite (NAT?) the client's IP to an IP within the LAN subnet?
      Thanks for any pointers!

        jimp Rebel Alliance Developer Netgate

        You have to push routes to the client and you also need a matching Phase 2 on the IPsec tunnel for traffic from the OpenVPN client side to the remote IPsec network.

        Trying to play tricks with NAT is more likely to bring pain than help; add a P2 and don't use NAT and you'll be much better off.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          sgw

          Adding a P2 would mean that also the remote IPSEC-gateway would have to add that P2, correct?
          This isn't so easy as they aren't too cooperative and rather restrictive.

            jimp Rebel Alliance Developer Netgate

            Yes, a P2 would have to be added on both sides.

              sgw

              Thanks a lot.

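The two requirements from jimp's answers (routes pushed to the client, plus a Phase 2 whose selectors match the OpenVPN client network, present on both gateways) can be checked on paper before touching either side. The following is an added example, not part of the original posts; all subnets are constructed sample values and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread).
LAN = "192.168.10.0/24"
OVPN_TUNNEL = "10.8.0.0/24"
REMOTE_NETS = ["172.16.50.0/24", "172.16.60.0/24"]
# Existing Phase 2 entries as (local selector, remote selector): LAN only.
PHASE2 = [(LAN, "172.16.50.0/24"), (LAN, "172.16.60.0/24")]


def covered(src, dst, phase2):
    """True if some P2 has selectors containing both src and dst networks."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    for local, remote in phase2:
        l, r = ipaddress.ip_network(local), ipaddress.ip_network(remote)
        if s.version != l.version or d.version != r.version:
            continue  # subnet_of() raises TypeError on mixed IPv4/IPv6
        if s.subnet_of(l) and d.subnet_of(r):
            return True
    return False


def missing_phase2(src, remote_nets, phase2):
    """Pairs (src, remote) that still need a P2 on BOTH IPsec gateways."""
    return [(src, dst) for dst in remote_nets if not covered(src, dst, phase2)]


def push_routes(remote_nets):
    """OpenVPN server directives that route the remote nets via the VPN."""
    lines = []
    for net in remote_nets:
        n = ipaddress.ip_network(net)
        lines.append(f'push "route {n.network_address} {n.netmask}"')
    return lines


if __name__ == "__main__":
    for line in push_routes(REMOTE_NETS):
        print(line)
    for src, dst in missing_phase2(OVPN_TUNNEL, REMOTE_NETS, PHASE2):
        print(f"no P2 for {src} -> {dst}: add one on both gateways")
```

With the sample data, the LAN is covered by the existing entries, while every OpenVPN-to-remote pair is reported as missing, which is why pushed routes alone did not get the client through the tunnel.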
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.