Netgate Discussion Forum

    OpenVPN Client to OpenVPN Site and IPSec Site

    • newcmelgar

      Hi,
      I have connected my OpenVPN Sites to the IPsec Site (where I can't have pfSense). For simplicity purposes, I have the following:

      1. Main IPsec Site: 10.55.16.0/24
      2. Main OpenVPN Site: 10.55.96.0/24 (tunnel 10.55.240.0/24)
      3. Remote OpenVPN Site 1: 10.82.16.0/24 (tunnel 10.55.240.0/24)
      4. Remote OpenVPN Site 2: 10.82.24.0/24 (tunnel 10.55.240.0/24)
      5. OpenVPN Mobile Clients: tunnel 10.55.248.0/24

      So for 1 through 4 everything is well connected. I can ping and do everything between them. The weirdness is on 5. I can access 1 (IPsec Site) and 2 (Main OpenVPN Site), but can't reach 3 and 4 (the Remote OpenVPN Sites) at all.

      So I am looking for someone to shed some light on what I need to do on 5 so that I can access the Remote OpenVPN Sites.

      I appreciate any ideas.

      Thanks,

      Carlos

      • Derelict LAYER 8 Netgate

        First, what mode OpenVPN did you set up? SSL/TLS, Shared Key, etc?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • newcmelgar

          Hi
          Thanks for the reply. The site-to-site OpenVPN and the mobile-to-site modes are both SSL/TLS.

          Thanks again

          Carlos

          • Derelict LAYER 8 Netgate

            @newcmelgar said in OpenVPN Client to OpenVPN Site and IPSec Site:

            10.55.248.0/24

            So add 10.55.248.0/24 as a local network on the server. It should be pushed to the clients. Be sure the traffic is passed by the necessary firewall rules on the OpenVPN servers, clients, and/or assigned interfaces.

            Same with the Remote Access server. If it is not redirect-gateway def1 you need to add the spoke subnets (10.82.16.0/24, 10.82.24.0/24, etc) to the Local Networks on the Remote access server so they know to send traffic for those over the tunnel.


            • newcmelgar @Derelict

              @derelict I will send you the changes tonight (as I don't want to interrupt users' connectivity at the moment). I do remember trying that but I think it didn't work. Anyway, I will get back to you in the evening.

              • newcmelgar @Derelict

                @derelict Thanks for the tip! My problem was not having the 10.55.248.0/24 on the local and remote networks. I had the spoke subnets in the remote access server. Much appreciated!

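Added example (not part of the thread and not Netgate code): a small route-symmetry check showing why the mobile clients reached the spokes only after 10.55.248.0/24 was made known to them. The node names, the host addresses and the assumption that one firewall at the main site runs both OpenVPN servers are constructed for illustration; the IPsec site is left out.

```python
import ipaddress as ip

MOBILE = "10.55.248.0/24"                    # remote access tunnel network
MAIN_LAN = "10.55.96.0/24"
SPOKES = {"site1": "10.82.16.0/24", "site2": "10.82.24.0/24"}

def tables(mobile_known_to_spokes):
    """Per-node routes {prefix: next_hop}; next_hop None means directly attached.
    Only connected and tunnel routes are modelled (constructed, simplified).
    Assumption: one firewall at the main site runs both OpenVPN servers."""
    t = {
        # Routes the remote access server pushes to a mobile client.
        "mobile": {MOBILE: None, MAIN_LAN: "main",
                   **{net: "main" for net in SPOKES.values()}},
        "main": {MAIN_LAN: None, MOBILE: "mobile",
                 **{net: name for name, net in SPOKES.items()}},
    }
    for name, net in SPOKES.items():
        t[name] = {net: None, MAIN_LAN: "main"}
        if mobile_known_to_spokes:           # the fix from the thread
            t[name][MOBILE] = "main"
    return t

def walk(t, node, dst_ip):
    """Follow longest-prefix routes from node to dst_ip; return (delivered, hops)."""
    addr, hops = ip.ip_address(dst_ip), [node]
    while len(hops) <= len(t):               # guard against routing loops
        hits = [(ip.ip_network(p), nh) for p, nh in t[node].items()
                if addr in ip.ip_network(p)]
        if not hits:
            return False, hops               # no tunnel route on this node
        _, nh = max(hits, key=lambda h: h[0].prefixlen)
        if nh is None:
            return True, hops
        node = nh
        hops.append(node)
    return False, hops

def check(t, src_node, src_ip, dst_node, dst_ip):
    """A flow works only if the request and the reply both have a route."""
    fwd_ok, _ = walk(t, src_node, dst_ip)
    ret_ok, ret_hops = walk(t, dst_node, src_ip)
    return fwd_ok, ret_ok, ret_hops

if __name__ == "__main__":
    for fixed in (False, True):
        for site in SPOKES:
            host = SPOKES[site].replace(".0/24", ".10")   # constructed host address
            print(fixed, site, check(tables(fixed), "mobile", "10.55.248.2", site, host))
```

With the spoke tables missing 10.55.248.0/24 the request arrives but the reply has no tunnel route back, which matches the symptom in the first post.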
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.