4. Route OpenVPN client over IPSEC to a remote LAN?

Route OpenVPN client over IPSEC to a remote LAN?

  • B

    I have 3 pfSense boxes, with IPSEC connections between them all. I also have OpenVPN (for clients accessing the LAN attached to that pfSense) on all 3.
    Is there a way for an OpenVPN client connected to, say, box 'A' to access the LAN on box 'B'?
    I haven't been able to make this work with tunnels or VTI, with routes or firewall rules.
    Anyone got a pointer to a how-to? Or know how to do it yourself?
    Thanks!

    0
  • V

    You have to add an additional phase 2 to the IPSec configs for the access server tunnel network.
    Also in the access server settings you have to add the the remote LAN networks, which the clients should be able to access, to the "Local networks".

    For instance:
    site A:
    LAN: 10.0.10.0/24
    access server tunnel: 192.168.21.0/24

    site B:
    LAN: 10.0.20.0/24
    access server tunnel: 192.168.22.0/24

    site C:
    LAN: 10.0.30.0/24
    access server tunnel: 192.168.23.0/24

    So at site A you have two add phase 2 to each IPSec with local: 192.168.21.0/24 and the appropriate remote network.
    at site B local: 192.168.22.0/24
    at site C local: 192.168.23.0/24
    Also add phase 2 settings to the respective IPSec config on the remote site with permuted networks, of course.

    Access server "Local Network/s":
    A, B and C: 10.0.10.0/24,10.0.20.0/24,10.0.30.0/24

    1
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy