VPN Site to Site problem after accessing remote.

rafaelmspc

Guys, I  will try to explain it in the best way and I hope you guys can help me.

I have a Site to Site VPN (using IPsec) working perfectly. Let's call it Site A and Site B.
My problem is, when I'm at my home and I connect to Site A (Client to Site using OpenVPN), I join in my A network without problems, but I can not ping anything to Site B

Any tips of what can i do?

viragomann

You need to set the routing between B and the OpenVPN tunnel network in IPSec.
To do so you have to add a second phase 2 to the IPSec configuration.

rafaelmspc

Thanks for your Help! I add a second phase but i cannot access the site b yet. Im posting my confs:

My OpenVPN conf.

10.0.3.0/24 = My OpenVpn network
192.168.108.0/22 = My internal Network
172.16.0.0/16 = My Site B internal network(connected through Ipsec site to site)

My Ipsec Conf
The first entry entry of second phase is part of my vpn site to site, the second entry is the route i add trying to follow your tip.

Can you help?

Thanks.

viragomann

Have also you added the second phase 2 on site B?

rafaelmspc

Still nothing =// Route added on site B. This is my conf file from openvpn client:

dev tun
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
remote 187.28.XX.XX 1198
route 192.168.108.0 255.255.252.0
ifconfig 172.25.1.2 172.25.1.1
keepalive 10 60
ping-timer-rem
secret fwr-udp-1198.secret.key

I My openvpn server, i  set it up the routes, i need to add something in my conf file?

viragomann

Seems to be a very old pfSense version.

Don't know, what client you're running. Doesn't it support pulling of routes, cause you have stated the route for the LAN in the client config? If it doesn't support pulling routes you have also to state the site B LAN here.

Also maybe the route line in the client config will thwart the push routes command from server. Look in the client log for details.

rafaelmspc

I am using the latest openvpn client for windows. I made tests by adding the routes just on the client and another just on the server, I did not succeed. My version of Pfsense is really old V 2.2.6.

I configured the routes on the server:

persist-tun
persist-key
push "route 172.25.1.0 255.255.255.0";
push "route 172.16.0.0 255.255.0.0";

172.25…..my range on this tunnel
172.16....The range from lan of B site.

viragomann

I presume, the routes on the client are not added by pushing from server.
Check the clients routing table.