Netgate Discussion Forum
    Policy based routing not working for ipsec over openvpn

    • khsonu

      Hi Guys,

      Need your help here. I am trying to establish an IPsec tunnel inside OpenVPN, but the IPsec response packets do not return via the OpenVPN interface; instead they take the default route defined in pfSense. Below is what I am trying to do.

      IPsec clients <--IPsec tunnel to pfSense--> OpenVPN server <--OpenVPN tunnel--> pfSense (OpenVPN client + IPsec server)

      Here the IPsec clients are not able to establish the connection with pfSense. The request packets do reach pfSense on the OpenVPN interface, but the replies take a different path, through the default gateway, so they never reach the clients (or the OpenVPN server). I tried applying policy-based routing on the OpenVPN interface with a rule of source = OpenVPN network, destination = any, gateway = OpenVPN gateway, but it did not work. However, if I make the OpenVPN gateway the default gateway in pfSense, then everything works fine, though I cannot do this in production.

      Please let me know if I am missing something here.

      Thank you.

      • kroem

        @khsonu:

        Hi Guys,

        Need your help here. I am trying to establish an IPsec tunnel inside OpenVPN, but the IPsec response packets do not return via the OpenVPN interface; instead they take the default route defined in pfSense. Below is what I am trying to do.

        IPsec clients <--IPsec tunnel to pfSense--> OpenVPN server <--OpenVPN tunnel--> pfSense (OpenVPN client + IPsec server)

        Here the IPsec clients are not able to establish the connection with pfSense. The request packets do reach pfSense on the OpenVPN interface, but the replies take a different path, through the default gateway, so they never reach the clients (or the OpenVPN server). I tried applying policy-based routing on the OpenVPN interface with a rule of source = OpenVPN network, destination = any, gateway = OpenVPN gateway, but it did not work. However, if I make the OpenVPN gateway the default gateway in pfSense, then everything works fine, though I cannot do this in production.

        Please let me know if I am missing something here.

        Thank you.

        FYI, I have almost the same problem here: https://forum.pfsense.org/index.php?topic=130658.0

        Would really like to find a solution :)

        • CuteBoi

          Are all three of us on version 2.3.4? Coincidence?

          • marvosa

            Just to be clear, you just want your mobile IPsec clients to be able to communicate with an endpoint device across an OpenVPN tunnel? Or is there more to it than that?

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.