Netgate Discussion Forum

    OpenVPN Remote Access to IPSec VPN destination

    2 Posts 2 Posters 419 Views
    cmenning

      Hello!

      I'm having a problem with my OpenVPN Remote Access users not being able to reach destinations connected through a site-to-site IPSec VPN tunnel. The clients on the network do not have any problem, nor does the pfSense box itself. I'm thinking it may be either a routing issue or firewall issue, but have not found the culprit yet.

      Here's my setup:

      • Site-to-Site IPSec tunnel from my pfSense to an Amazon AWS VPN gateway.
      • OpenVPN server configured on pfSense to provide Remote Access for mobile users. All traffic tunneled, not a split setup.
      • Remote Access clients can access assets on the LAN, and all traffic is being routed through the tunnel. Their external IP is properly being detected as the pfSense WAN IP.
      • LAN clients can access AWS assets via private IPs using the IPSec tunnel.
      • Remote Access clients time out accessing AWS assets' private IPs.
      • pfSense can ping AWS assets via private IPs without specifically selecting an interface to ping from.

      Any suggestions on where to start? Thanks!

      viragomann

        @cmenning:

        • LAN clients can access AWS assets via private IPs using the IPSec tunnel.

        So you will have set up an IPSec phase 2 between your LAN and the AWS LAN.

        The same thing is necessary for the OpenVPN tunnel network and the AWS LAN to get access to the remote devices from road-warrior clients.
        However, I'm not sure if multiple phase 2 entries are possible on AWS.

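To make the reply's point concrete, here is an added example (not code from this thread, from pfSense, or from Netgate) that models IPsec phase 2 traffic selectors and shows why a packet from the OpenVPN tunnel network never enters a tunnel whose only phase 2 is LAN-to-AWS. The subnets, names and addresses are assumed sample values, not taken from the thread.

```python
"""Check whether a flow is covered by an IPsec phase 2 selector set.

Added illustration, not pfSense or Netgate code. The phase 2 entries
and addresses below are constructed sample values, not from the thread.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Phase2:
    """One IPsec phase 2 (child SA) traffic selector: local <-> remote subnet."""
    name: str
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(s, strict=False)


def matching_phase2(entries, src_ip, dst_ip):
    """Return the first phase 2 whose selectors cover src -> dst, or None.

    A packet whose source lies in no local selector is not handed to the
    tunnel: it follows the normal routing table instead, which a client
    experiences as a timeout when the destination is a private AWS address.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for p2 in entries:
        if src in p2.local and dst in p2.remote:
            return p2
    return None


def diagnose(entries, src_ip, dst_ip):
    """Human-readable verdict for one flow."""
    p2 = matching_phase2(entries, src_ip, dst_ip)
    if p2:
        return f"{src_ip} -> {dst_ip}: enters tunnel via phase 2 '{p2.name}'"
    dst = ipaddress.ip_address(dst_ip)
    remotes = [p for p in entries if dst in p.remote]
    if remotes:
        locals_ = ", ".join(str(p.local) for p in remotes)
        return (f"{src_ip} -> {dst_ip}: destination is reachable over IPsec only "
                f"from local subnet(s) {locals_}; add a phase 2 whose local "
                f"network contains {src_ip}")
    return f"{src_ip} -> {dst_ip}: no phase 2 covers this destination"


# Constructed sample topology (assumed values, not from the thread)
LAN = net("192.168.1.0/24")          # pfSense LAN
OVPN = net("10.8.0.0/24")            # OpenVPN remote-access tunnel network
AWS_VPC = net("172.31.0.0/16")       # AWS VPC private range

# Phase 2 set as the original poster describes it: only LAN <-> AWS
PHASE2_BEFORE = [Phase2("LAN-to-AWS", LAN, AWS_VPC)]

# Phase 2 set the reply suggests: add OpenVPN tunnel network <-> AWS
PHASE2_AFTER = PHASE2_BEFORE + [Phase2("OpenVPN-to-AWS", OVPN, AWS_VPC)]

if __name__ == "__main__":
    for entries in (PHASE2_BEFORE, PHASE2_AFTER):
        print(diagnose(entries, "192.168.1.50", "172.31.10.5"))  # LAN client
        print(diagnose(entries, "10.8.0.6", "172.31.10.5"))      # road-warrior client
        print()
```

Run as-is, the script reports the LAN client matching in both sets, and the OpenVPN client matching only once the second phase 2 is present. The same selector check explains why the pfSense box itself can ping AWS: its outbound source address is on the LAN, inside the existing local selector. Whatever is added on the pfSense side, the AWS end of the tunnel must accept the corresponding selector and route return traffic for the OpenVPN tunnel network back through the VPN, a point the reply leaves open.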
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.