Connect OpenVPN client to remote IPSec tunnel


  • Rebel Alliance

    I have two sites connected by IPSec. Both can also be reached from the outside world by OpenVPN clients.

    However, I cannot reach either end of the tunnel by using an OpenVPN client from the opposite side. Where do I need to put the correct firewall rules?

    This was working OK when I had a temporary (non-pfsense) Router at one end. Now that I have restored pfs, I am trying to replicate the functionality.

    Site A:
    Lan1 = 192.168.A1.0/24
    Lan2 = 192.168.A2.0/24
    OpenVPN = 192.168.Va.0/24

    Site B:
    Lan1 = 192.168.B1.0/24
    Lan2 = 192.168.B2.0/24
    OpenVPN = 192.168.Vb.0/24

    I can reach subnets A1 & A2 from B1 or B2, and vice versa.

    When site B was not pfsense, I could also reach B1 & B2 from Va (using the same IPSec setup).

    Now that I have restored pfsense to both sites, I am stuck with the OpenVPN client at either end being unable to traverse the IPSec tunnel.

    Both systems are running 2.4.4.

    I've tried adding rules on both the IPSec & OpenVPN tabs, but no joy.

    Appreciate any suggestions, many thanks.


  • Rebel Alliance

    Ok, seems I have it working: took a little longer than expected for the rules to kick in.

    If I could change my question/help request to: where should I have put (and which of) these rules?

    I presume I need to delete a few...

    Will post back when I work it out.
    Many thanks.