Netgate Discussion Forum

    Connect OpenVPN client to remote IPSec tunnel

    • awair

      I have two sites connected by IPSec. Both can also be reached from the outside world by OpenVPN clients.

      However, I cannot reach either end of the tunnel by using an OpenVPN client from the opposite side. Where do I need to put the correct Firewall rules?

      This was working OK when I had a temporary (non-pfsense) Router at one end. Now that I have restored pfs, I am trying to replicate the functionality.

      Site A:
      Lan1 = 192.168.A1.0/24
      Lan2 = 192.168.A2.0/24
      OpenVPN = 192.168.Va.0/24

      Site B:
      Lan1 = 192.168.B1.0/24
      Lan2 = 192.168.B2.0/24
      OpenVPN = 192.168.Vb.0/24

      I can reach subnets A1 & A2 from B1 or B2, and vice versa.

      When site B was not pfsense, I could also reach B1 & B2 from Va (using the same IPSec setup).

      Now that I have restored pfsense to both sites, I am stuck with either end OpenVPN client being unable to traverse the IPSec tunnel.

      Both systems are running 2.4.4.

      I've tried adding rules on both the IPSec & OpenVPN tabs, but no joy.

      Appreciate any suggestions, many thanks.

      2.4.3 (amd64)
      and given up on the SG-1000

      • awair

        Ok, seems I have it working: took a little longer than expected for the rules to kick in.

        If I could change my question/help request to: where should I have put (and which of) these rules?

        I presume I need to delete a few...

        Will post back when I work it out.
        Many thanks.

        2.4.3 (amd64)
        and given up on the SG-1000
