OpenVPN Client to OpenVPN Site and IPSec Site
I have connected my OpenVPN Sites to the IPSec Site (where I can't have pfsense). For simplicity purposes, I have the following:
1 Main Ipsec Site: 10.55.16.0/24
2 Main OpenVPN Site: 10.55.96.0/24 (tunnel 10.55.240.0/24)
3 Remote OpenVPN Site 1: 10.82.16.0/24 (tunnel 10.55.240.0/24)
4 Remote OpenVPN Site 2: 10.82.24.0/24 (tunnel 10.55.240.0/24)
5 OpenVPN Mobile Clients: tunnel 10.55.248.0/24
So 1 through 4 everything is well connected. Can ping and do everything between them. The weirdness is on 5. I can access 1 (Ipsec Site) and 2 (Main OpenVPN Site), but can't reach at all 3 and 4 (the remote OpenVPN Sites).
So I am looking for a shed of light that can let me know what I need to do on 5 so that I can access the Remote OpenVPN Sites?
I appreciate any ideas.
First, what mode OpenVPN did you set up? SSL/TLS, Shared Key, etc?
Thanks for the reply. The site to site openvpn and the mobile to site mode are both ssl/tls.
So add 10.55.248.0/24 as a local network on the server. It should be pushed to the clients. Be sure the traffic is passed by the necessary firewall rules on the OpenVPN servers, clients, and/or assigned interfaces.
Same with the Remote Access server. If it is not
redirect-gateway def1you need to add the spoke subnets (10.82.16.0/24, 10.82.24.0/24, etc) to the Local Networks on the Remote access server so they know to send traffic for those over the tunnel.
@derelict I will send you the changes tonight (as I don't want to interrupt users connectivity at the moment). I do remember trying that but I think it didn't work. Anyways, I will get back to you in the evening.
@derelict Thanks for the tip! My problem was not having the 10.55.248.0/24 on the local and remote networks. I had the spoke subnets in the remote access server. Much appreciated!