OpenVPN Remote Access to IPSec VPN destination
-
Hello!
I'm having a problem with my OpenVPN Remote Access users not being able to reach destinations connected through a site-to-site IPSec VPN tunnel. The clients on the network do not have any problem, nor does the pfSense box itself. I'm thinking it may be either a routing issue or firewall issue, but have not found the culprit yet.
Here's my setup:
- Site-to-Site IPSec tunnel from my pfSense to an Amazon AWS VPN gateway.
- OpenVPN server configured on pfSense to provide Remote Access for mobile users. All traffic tunneled, not a split setup.
- Remote Access clients can access assets on the LAN, and all traffic is being routed through the tunnel. Their external IP is properly being detected as the pfSense WAN IP.
- LAN clients can access AWS assets via private IPs using the IPSec tunnel.
- Remote Access clients time out accessing AWS assets' private IPs.
- pfSense can ping AWS assets via private IPs without specifically selecting an interface to ping from.
Any suggestions on where to start? Thanks!
-
- LAN clients can access AWS assets via private IPs using the IPSec tunnel.
So you will have set up an IPSec phase 2 between your LAN and the AWS LAN.
The same thing is necessary for the OpenVPN tunnel network and the AWS LAN to get access to the remote devices from road-warrior clients.
However, I'm not sure if multiple phase 2 are possible on AWS.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.