OpenVPN Remote Access to IPSec VPN destination
  • Hello!

    I'm having a problem with my OpenVPN Remote Access users not being able to reach destinations connected through a site-to-site IPSec VPN tunnel. The clients on the network do not have any problem, nor does the pfSense box itself. I'm thinking it may be either a routing issue or firewall issue, but have not found the culprit yet.

    Here's my setup:

    • Site-to-Site IPSec tunnel from my pfSense to an Amazon AWS VPN gateway.
    • OpenVPN server configured on pfSense to provide Remote Access for mobile users. All traffic tunneled, not a split setup.
    • Remote Access clients can access assets on the LAN, and all traffic is being routed through the tunnel. Their external IP is properly being detected as the pfSense WAN IP.
    • LAN clients can access AWS assets via private IPs using the IPSec tunnel.
    • Remote Access clients time out accessing AWS assets' private IPs.
    • pfSense can ping AWS assets via private IPs without specifically selecting an interface to ping from.

    Any suggestions on where to start? Thanks!
  • @cmenning:

    • LAN clients can access AWS assets via private IPs using the IPSec tunnel.

    So you will have set up an IPSec phase 2 between your LAN and the AWS LAN.

    The same thing is necessary for the OpenVPN tunnel network and the AWS LAN to get access to the remote devices from road-warrior clients.
    However, I'm not sure if multiple phase 2s are possible on AWS.
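An added illustration of the reply's point, not code from either poster or from pfSense: policy-based IPsec (strongSwan on pfSense) only encapsulates a packet whose source address falls inside a phase 2 local subnet and whose destination falls inside that phase 2's remote subnet. Everything else follows the ordinary routing table, so road-warrior traffic sourced from the OpenVPN tunnel network leaves via the WAN default route and never reaches the VPC. The subnets below (a 192.168.1.0/24 LAN, a 10.0.8.0/24 OpenVPN tunnel network and a 172.31.0.0/16 VPC) are constructed for the example; the thread gives no addresses.

```python
from ipaddress import ip_address, ip_network

# Constructed topology for illustration only; the thread does not state any addresses.
LAN = ip_network("192.168.1.0/24")        # pfSense LAN (assumed)
OVPN_TUNNEL = ip_network("10.0.8.0/24")   # OpenVPN remote-access tunnel network (assumed)
AWS_VPC = ip_network("172.31.0.0/16")     # VPC CIDR behind the AWS VPN gateway (assumed)


def match_phase2(phase2s, src, dst):
    """Return the (local, remote) phase 2 selector pair that covers src -> dst,
    or None when no pair does.

    This mirrors how a policy-based IPsec stack chooses an SA: the packet's
    source must be inside a phase 2 local subnet AND its destination inside
    the same phase 2's remote subnet. A packet matching no pair is not
    encrypted at all; it is simply routed like any other traffic.
    """
    src, dst = ip_address(src), ip_address(dst)
    for local, remote in phase2s:
        if src in local and dst in remote:
            return (local, remote)
    return None


def unreachable_sources(phase2s, source_nets, dst):
    """List the source networks whose hosts cannot reach dst over IPsec
    because no phase 2 covers them (their traffic falls through to the
    default route and times out, as in the original post)."""
    return [net for net in source_nets
            if match_phase2(phase2s, next(net.hosts()), dst) is None]


# The poster's working state: one phase 2, LAN <-> VPC.
ORIGINAL_PHASE2S = [(LAN, AWS_VPC)]

# The reply's fix: a second phase 2 for the OpenVPN tunnel network <-> VPC.
# (The AWS side must accept this selector too; the reply is unsure it can.)
FIXED_PHASE2S = ORIGINAL_PHASE2S + [(OVPN_TUNNEL, AWS_VPC)]


def diagnose(aws_host="172.31.10.5"):
    """Compare both configurations for a LAN client and a road-warrior client."""
    return {
        "lan_client_original": match_phase2(ORIGINAL_PHASE2S, "192.168.1.50", aws_host) is not None,
        "ovpn_client_original": match_phase2(ORIGINAL_PHASE2S, "10.0.8.2", aws_host) is not None,
        "ovpn_client_fixed": match_phase2(FIXED_PHASE2S, "10.0.8.2", aws_host) is not None,
        "uncovered_original": unreachable_sources(ORIGINAL_PHASE2S, [LAN, OVPN_TUNNEL], aws_host),
        "uncovered_fixed": unreachable_sources(FIXED_PHASE2S, [LAN, OVPN_TUNNEL], aws_host),
    }


if __name__ == "__main__":
    for key, value in diagnose().items():
        print(f"{key}: {value}")
```

On a live pfSense box the same check is the list of established child SAs under Status > IPsec (or `swanctl --list-sas` from a shell): if the only traffic selector pair shown is LAN to VPC, nothing sourced from the OpenVPN tunnel network will be encrypted, whatever the firewall rules say. Whichever side adds the second phase 2, the AWS side also has to know a route back to the OpenVPN tunnel network over the VPN gateway, or the replies will be dropped there instead.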