Policy based routing not working for ipsec over openvpn



  • Hi Guys,

    Need your help here. I am trying to establish an IPsec tunnel within OpenVPN, but the IPsec response packets do not return from the OpenVPN interface; instead they take the default route defined in pfSense. Below is what I am trying to do.

    IPsec clients <--IPsec tunnel till PFsense--> openvpn server <----OpenVPN tunnel---> PFsense (openvpn client + IPsec server)

    Here the IPsec clients are not able to establish the connection with pfSense. The request packets reach pfSense on the OpenVPN interface, but the replies take a different path, through the default gateway, hence they never reach the clients (or the OpenVPN server). I tried applying policy-based routing on the OpenVPN interface with a rule of source OpenVPN network, destination any, gateway OpenVPN gateway, but it did not work. However, if I make the OpenVPN gateway the default gateway in pfSense then everything works fine, though I cannot do this in production.

    Please let me know if I am missing something here.

    Thank you.
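As an added illustration that is not from the thread: the policy-routing rule the poster tried is rendered by pfSense as a pf `pass in` rule with `route-to` on the OpenVPN interface, and such a rule only acts on packets that enter that interface and are forwarded through the firewall. The IKE (UDP 500/4500) and ESP replies in this setup are generated by the firewall's own IPsec daemon, so they consult the kernel routing table instead, which is why only changing the default gateway helped. A static route for the addresses the IPsec clients arrive from, pointing at the OpenVPN gateway, covers locally generated traffic. The interface name `ovpnc1`, the OpenVPN gateway `10.8.0.1`, the OpenVPN network `10.8.0.0/24` and the IPsec clients' source range `192.0.2.0/24` are assumed placeholders, not values from the thread.

```pf
# Assumed placeholder values: ovpnc1 = OpenVPN client interface,
# 10.8.0.1 = OpenVPN gateway, 10.8.0.0/24 = OpenVPN network,
# 192.0.2.0/24 = source range the IPsec clients arrive from.

# What the poster's policy-routing rule amounts to in pf terms.
# It matches traffic entering ovpnc1 that is forwarded onward; it does not
# steer IKE/ESP packets that the firewall's IPsec daemon sends itself.
pass in quick on ovpnc1 route-to (ovpnc1 10.8.0.1) inet from 10.8.0.0/24 to any keep state

# Locally generated replies follow the kernel routing table, so the route
# for the IPsec clients' addresses must point at the OpenVPN gateway.
# FreeBSD shell equivalent of System > Routing > Static Routes in pfSense:
#   route add -net 192.0.2.0/24 10.8.0.1
# If the OpenVPN server NATs the clients behind its own tunnel address,
# the route is for the server's tunnel network (10.8.0.0/24) instead.
```

After adding the route, `route -n get 192.0.2.10` on the firewall shell should report `ovpnc1` as the outgoing interface and `10.8.0.1` as the gateway; `tcpdump -ni ovpnc1 udp port 500 or udp port 4500` should then show both IKE directions on the tunnel interface.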



  • @khsonu:

    Hi Guys,

    Need your help here. I am trying to establish an IPsec tunnel within OpenVPN, but the IPsec response packets do not return from the OpenVPN interface; instead they take the default route defined in pfSense. Below is what I am trying to do.

    IPsec clients <--IPsec tunnel till PFsense--> openvpn server <----OpenVPN tunnel---> PFsense (openvpn client + IPsec server)

    Here the IPsec clients are not able to establish the connection with pfSense. The request packets reach pfSense on the OpenVPN interface, but the replies take a different path, through the default gateway, hence they never reach the clients (or the OpenVPN server). I tried applying policy-based routing on the OpenVPN interface with a rule of source OpenVPN network, destination any, gateway OpenVPN gateway, but it did not work. However, if I make the OpenVPN gateway the default gateway in pfSense then everything works fine, though I cannot do this in production.

    Please let me know if I am missing something here.

    Thank you.

    FYI, I have almost the same problem here: https://forum.pfsense.org/index.php?topic=130658.0

    Would really like to find a solution :)



  • Are we 3 on the 2.3.4 version?  Coincidence?



  • Just to be clear, you just want your mobile IPsec clients to be able to communicate with an endpoint device across an OpenVPN tunnel?  Or is there more to it than that?