OpenVPN Client to OpenVPN Site and IPSec Site



  • Hi,
    I have connected my OpenVPN sites to the IPsec site (where I can't have pfSense). For simplicity, I have the following:

    1. Main IPsec Site: 10.55.16.0/24
    2. Main OpenVPN Site: 10.55.96.0/24 (tunnel 10.55.240.0/24)
    3. Remote OpenVPN Site 1: 10.82.16.0/24 (tunnel 10.55.240.0/24)
    4. Remote OpenVPN Site 2: 10.82.24.0/24 (tunnel 10.55.240.0/24)
    5. OpenVPN Mobile Clients: tunnel 10.55.248.0/24

    So for 1 through 4, everything is well connected. I can ping and do everything between them. The weirdness is on 5. I can access 1 (IPsec Site) and 2 (Main OpenVPN Site), but can't reach 3 and 4 (the remote OpenVPN Sites) at all.

    So I am looking for someone to shed some light on what I need to do on 5 so that I can access the Remote OpenVPN Sites.

    I appreciate any ideas.

    Thanks,

    Carlos


  • Netgate

    First, what mode OpenVPN did you set up? SSL/TLS, Shared Key, etc?



  • Hi
    Thanks for the reply. The site-to-site OpenVPN and the mobile-to-site modes are both SSL/TLS.

    Thanks again

    Carlos


  • Netgate

    @newcmelgar said in OpenVPN Client to OpenVPN Site and IPSec Site:

    10.55.248.0/24

    So add 10.55.248.0/24 as a local network on the server. It should be pushed to the clients. Be sure the traffic is passed by the necessary firewall rules on the OpenVPN servers, clients, and/or assigned interfaces.

    Same with the Remote Access server. If it is not redirect-gateway def1 you need to add the spoke subnets (10.82.16.0/24, 10.82.24.0/24, etc) to the Local Networks on the Remote access server so they know to send traffic for those over the tunnel.



  • @derelict I will send you the changes tonight (as I don't want to interrupt users' connectivity at the moment). I do remember trying that but I think it didn't work. Anyways, I will get back to you in the evening.



  • @derelict Thanks for the tip! My problem was not having the 10.55.248.0/24 on the local and remote networks. I had the spoke subnets in the remote access server. Much appreciated!
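
The routing fix discussed in this thread, as an added example that is not part of any post: a simplified Python model that checks, for mobile clients, whether a forward route (pushed by the remote access server) and a return route (pushed by the site-to-site server) exist for each site. The function name, the "before" configuration and the rule that pushed Local Networks are the only source of routes are assumptions; firewall rules and the IPsec phase 2 are not modelled.

```python
import ipaddress

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# Subnets taken from the thread.
MOBILE = ipaddress.ip_network("10.55.248.0/24")    # mobile client tunnel
HUB_LAN = ipaddress.ip_network("10.55.96.0/24")    # main OpenVPN site
SPOKES = {"Remote Site 1": ipaddress.ip_network("10.82.16.0/24"),
          "Remote Site 2": ipaddress.ip_network("10.82.24.0/24")}

# Assumed "before" state: spokes already listed on the remote access server,
# mobile tunnel missing from the site-to-site server's Local Networks.
RA_LOCAL = nets("10.55.16.0/24", "10.55.96.0/24", "10.82.16.0/24", "10.82.24.0/24")
S2S_BEFORE = nets("10.55.16.0/24", "10.55.96.0/24")
S2S_AFTER = S2S_BEFORE + [MOBILE]

def covered(net, routes):
    """True if one of the routes contains the whole of net."""
    return any(net.subnet_of(r) for r in routes)

def mobile_reachability(ra_local, s2s_local, redirect_gateway=False):
    """Return {site: (forward_ok, return_ok)} as seen from a mobile client.

    ra_local  : Local Networks on the remote access server (pushed to mobile clients)
    s2s_local : Local Networks on the site-to-site server (pushed to the spokes)
    """
    # The hub firewall terminates both servers, so its LAN needs no return push.
    result = {"Main OpenVPN Site":
              (redirect_gateway or covered(HUB_LAN, ra_local), True)}
    for name, lan in SPOKES.items():
        forward = redirect_gateway or covered(lan, ra_local)
        # A spoke can only answer if it has a route back to the mobile tunnel.
        result[name] = (forward, covered(MOBILE, s2s_local))
    return result

if __name__ == "__main__":
    for label, s2s in (("before", S2S_BEFORE), ("after", S2S_AFTER)):
        for site, (fwd, ret) in mobile_reachability(RA_LOCAL, s2s).items():
            status = "OK" if fwd and ret else "BROKEN"
            print(f"{label:6} {site:18} forward={fwd} return={ret} {status}")
```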


 
