Connect OpenVPN client to remote IPSec tunnel

awair

I have two sites connected by IPSec. Both can also be reached from the outside world by OpenVPN clients.

However, I cannot reach either end of the tunnel by using an OpenVPN client from the opposite side. Where do I need to put the correct Firewall rules?

This was working OK when I had a temporary (non-pfsense) Router at one end. Now that I have restored pfs, I am trying to replicate the functionality.

Site A:
Lan1 = 192.168.A1.0/24
Lan2 = 192.168.A2.0/24
OpenVPN = 192.168.Va.0/24

Site B:
Lan1 = 192.168.B1.0/24
Lan2 = 192.168.B2.0/24
OpenVPN = 192.168.Vb.0/24

I can reach subnets A1 & A2 from B1 or B2, and vice versa.

When site B, was not pfsense, I could also reach B1 & B2 from Va (using the same IPSec setup).

Now that I have restored pfsense to both sites, I am stuck with either end OpenVPN client being unable to traverse the IPSec tunnel.

Both systems are running 2.4.4.

I've tried adding rules on both the IPSec & OpenVPN tabs, but no joy.

Appreciate any suggestions, many thanks.

awair

Ok, seems I have it working: took a little longer than expected for the rules to kick in.

If I could change my question/help request to: where should I have put (and which of) these rules?

I presume I need to delete a few...

Will post back, when I work it out.
Many thanks.