Road Warrior with remote IPSec sites



  • I have 3 sites which are connected via IPSec tunnels and the primary site has a Road Warrior OpenVPN server configured on it. I can VPN into the primary site and access clients on the .10 network without issues. However, from the VPN I don't have access to the remote IPSec .20 and .30 sites. I already added the custom options on the OpenVPN server to push the routes and I can do a trace from the VPN client and see the traffic being routed through the VPN so I know the clients are getting the routes. I think part of the issue is that I need a static route on the .20 and .30 sites so they know to route the 192.168.0.0/24 network back through the .10 network but I'm not sure.

    Screenshots of the network and a trace attached.





  • You have to add a second phase 2 for 192.168.0.0/24 to both IPSec configs.



  • I just tried adding a second P2 to site .20

    Site 20 P2
    Local Subnet: 10.10.20.0/24
    Remote Subnet: 192.168.0.0/24

    Site 10 P2
    Local Subnet: 10.10.10.0/24
    Remote Subnet: 192.168.0.0/24

    After I did that, VPN clients couldn't reach 10 or 20. Somehow I think I messed up the local and remote subnet orders.



  • On Site 10 the settings should be
    Local Subnet: 192.168.0.0/24
    Remote Subnet: 10.10.20.0/24



  • That was it. I created another P2 for site 30 and now VPN clients have access to both sites.

    Thanks for the help.
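
An added example, not part of the thread: a small Python model of the Phase 2 selectors discussed above, checking that each entry has a swapped twin on the peer and that a VPN client's traffic matches in both directions. The base site-to-site entries and the sample host addresses are assumptions; the 192.168.0.0/24 entries are as posted.

```python
import ipaddress

def p2(local, remote):
    """One Phase 2 entry as a (local, remote) pair of networks."""
    return (ipaddress.ip_network(local), ipaddress.ip_network(remote))

def missing_mirrors(side_a, side_b):
    """P2 entries on side_a with no swapped (remote, local) twin on side_b."""
    twins = {(r, l) for (l, r) in side_b}
    return [e for e in side_a if e not in twins]

def matching_p2(entries, src, dst):
    """First P2 whose local net holds src and remote net holds dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in entries:
        if s in local and d in remote:
            return (local, remote)
    return None

def round_trip(near, far, src, dst):
    """True if near tunnels src->dst and far tunnels the reply dst->src."""
    return (matching_p2(near, src, dst) is not None
            and matching_p2(far, dst, src) is not None)

# Assumed pre-existing site-to-site P2 entries (not shown in the thread).
SITE10_BASE = [p2("10.10.10.0/24", "10.10.20.0/24")]
SITE20_BASE = [p2("10.10.20.0/24", "10.10.10.0/24")]

# Site 20 entry as posted in the thread.
SITE20 = SITE20_BASE + [p2("10.10.20.0/24", "192.168.0.0/24")]
# Site 10 entry as first tried, then as corrected in the thread.
SITE10_TRIED = SITE10_BASE + [p2("10.10.10.0/24", "192.168.0.0/24")]
SITE10_FIXED = SITE10_BASE + [p2("192.168.0.0/24", "10.10.20.0/24")]

# Constructed sample hosts: one VPN client and one host per site.
CLIENT, HOST10, HOST20 = "192.168.0.6", "10.10.10.50", "10.10.20.50"

if __name__ == "__main__":
    for name, site10 in (("tried", SITE10_TRIED), ("fixed", SITE10_FIXED)):
        print(name)
        print("  site 20 P2s lacking a mirror:", missing_mirrors(SITE20, site10))
        print("  client <-> site 20:", round_trip(site10, SITE20, CLIENT, HOST20))
        print("  site 10 LAN reply to client matches:",
              matching_p2(site10, HOST10, CLIENT))
```

In this model the first attempt leaves site 20's new entry without a mirror and also matches site 10 LAN replies to VPN clients against an IPsec selector; the corrected entry removes both.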

