Netgate Discussion Forum

    Route OpenVPN client over IPSEC to a remote LAN?

      bobkoure

      I have 3 pfSense boxes, with IPSEC connections between them all. I also have OpenVPN (for clients accessing the LAN attached to that pfSense) on all 3.
      Is there a way for an OpenVPN client connected to, say, box 'A' to access the LAN on box 'B'?
      I haven't been able to make this work with tunnels or VTI, with routes or firewall rules.
      Anyone got a pointer to a how-to? Or know how to do it yourself?
      Thanks!

        viragomann

        You have to add an additional phase 2 to the IPSec configs for the access server tunnel network.
        Also, in the access server settings you have to add the remote LAN networks which the clients should be able to access to the "Local networks".

        For instance:
        site A:
        LAN: 10.0.10.0/24
        access server tunnel: 192.168.21.0/24

        site B:
        LAN: 10.0.20.0/24
        access server tunnel: 192.168.22.0/24

        site C:
        LAN: 10.0.30.0/24
        access server tunnel: 192.168.23.0/24

        So at site A you have to add phase 2 to each IPSec with local: 192.168.21.0/24 and the appropriate remote network.
        at site B local: 192.168.22.0/24
        at site C local: 192.168.23.0/24
        Also add phase 2 settings to the respective IPSec config on the remote site with permuted networks, of course.

        Access server "Local Network/s":
        A, B and C: 10.0.10.0/24,10.0.20.0/24,10.0.30.0/24

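The phase 2 layout from the answer above, worked out for all three sites as an added example (not part of the original posts, and not pfSense code). The subnets are the ones given in the answer; the function and key names (`extra_phase2`, `unmirrored`, `ovpn`, `lan`) are assumptions made for this sketch. It also checks the two conditions the layout depends on: no overlapping subnets, and every entry having its swapped counterpart on the peer.

```python
from ipaddress import ip_network
from itertools import combinations, permutations

# Addressing plan copied from the answer above.
SITES = {
    "A": {"lan": "10.0.10.0/24", "ovpn": "192.168.21.0/24"},
    "B": {"lan": "10.0.20.0/24", "ovpn": "192.168.22.0/24"},
    "C": {"lan": "10.0.30.0/24", "ovpn": "192.168.23.0/24"},
}

def overlaps(sites):
    """Return pairs of subnets that overlap; selectors need distinct networks."""
    nets = [(f"{s} {k}", ip_network(v)) for s, d in sites.items() for k, v in d.items()]
    return [(a, b) for (a, x), (b, y) in combinations(nets, 2) if x.overlaps(y)]

def extra_phase2(sites):
    """Additional (local, remote) phase 2 pairs per (site, peer) IPsec tunnel."""
    plan = {}
    for here, there in permutations(sites, 2):
        plan[(here, there)] = [
            # this site's OpenVPN clients reaching the peer's LAN
            (sites[here]["ovpn"], sites[there]["lan"]),
            # "permuted" counterpart of the peer's own entry
            (sites[here]["lan"], sites[there]["ovpn"]),
        ]
    return plan

def unmirrored(plan):
    """Entries whose swapped counterpart is missing on the peer's side."""
    return [(here, there, loc, rem)
            for (here, there), entries in plan.items()
            for loc, rem in entries
            if (rem, loc) not in plan.get((there, here), [])]

def local_networks(sites):
    """Value for the access server's "Local Network/s" field (same on A, B, C)."""
    return ",".join(d["lan"] for d in sites.values())

if __name__ == "__main__":
    print("overlapping subnets:", overlaps(SITES))
    plan = extra_phase2(SITES)
    for (here, there), entries in plan.items():
        for loc, rem in entries:
            print(f"site {here}, IPsec to {there}: local {loc}  remote {rem}")
    print("Local Network/s:", local_networks(SITES))
    print("entries without a mirror:", unmirrored(plan))
```

To audit an existing setup, fill a dict of the same shape as `plan` with the phase 2 entries actually configured on each box and pass it to `unmirrored`.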