VPN Site to Site problem after accessing remote.



  • Guys, I  will try to explain it in the best way and I hope you guys can help me.

    I have a Site to Site VPN (using IPsec) working perfectly. Let's call it Site A and Site B.
    My problem is, when I'm at my home and I connect to Site A (Client to Site using OpenVPN), I join in my A network without problems, but I can not ping anything to Site B

    Any tips of what can i do?



  • You need to set the routing between B and the OpenVPN tunnel network in IPSec.
    To do so you have to add a second phase 2 to the IPSec configuration.



  • Thanks for your Help! I add a second phase but i cannot access the site b yet. Im posting my confs:

    My OpenVPN conf.

    10.0.3.0/24 = My OpenVpn network
    192.168.108.0/22 = My internal Network
    172.16.0.0/16 = My Site B internal network(connected through Ipsec site to site)

    My Ipsec Conf
    The first entry entry of second phase is part of my vpn site to site, the second entry is the route i add trying to follow your tip.

    Can you help?

    Thanks.



  • Have also you added the second phase 2 on site B?



  • Still nothing =// Route added on site B. This is my conf file from openvpn client:

    dev tun
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    resolv-retry infinite
    remote 187.28.XX.XX 1198
    route 192.168.108.0 255.255.252.0
    ifconfig 172.25.1.2 172.25.1.1
    keepalive 10 60
    ping-timer-rem
    secret fwr-udp-1198.secret.key
    
    

    I My openvpn server, i  set it up the routes, i need to add something in my conf file?



  • Seems to be a very old pfSense version.

    Don't know, what client you're running. Doesn't it support pulling of routes, cause you have stated the route for the LAN in the client config? If it doesn't support pulling routes you have also to state the site B LAN here.

    Also maybe the route line in the client config will thwart the push routes command from server. Look in the client log for details.



  • I am using the latest openvpn client for windows. I made tests by adding the routes just on the client and another just on the server, I did not succeed. My version of Pfsense is really old V 2.2.6.

    I configured the routes on the server:

    persist-tun
    persist-key
    push "route 172.25.1.0 255.255.255.0";
    push "route 172.16.0.0 255.255.0.0";
    

    172.25…..my range on this tunnel
    172.16....The range from lan of B site.



  • I presume, the routes on the client are not added by pushing from server.
    Check the clients routing table.