Route OpenVPN client over IPSEC to a remote LAN?

OpenVPN
Log in to reply
  • B

    I have 3 pfSense boxes, with IPSEC connections between them all. I also have OpenVPN (for clients accessing the LAN attached to that pfSense) on all 3.
    Is there a way for an OpenVPN client connected to, say, box 'A' to access the LAN on box 'B'?
    I haven't been able to make this work with tunnels or VTI, with routes or firewall rules.
    Anyone got a pointer to a how-to? Or know how to do it yourself?
    Thanks!

    0
  • V

    You have to add an additional phase 2 to the IPSec configs for the access server tunnel network.
    Also in the access server settings you have to add the the remote LAN networks, which the clients should be able to access, to the "Local networks".

    For instance:
    site A:
    LAN: 10.0.10.0/24
    access server tunnel: 192.168.21.0/24

    site B:
    LAN: 10.0.20.0/24
    access server tunnel: 192.168.22.0/24

    site C:
    LAN: 10.0.30.0/24
    access server tunnel: 192.168.23.0/24

    So at site A you have two add phase 2 to each IPSec with local: 192.168.21.0/24 and the appropriate remote network.
    at site B local: 192.168.22.0/24
    at site C local: 192.168.23.0/24
    Also add phase 2 settings to the respective IPSec config on the remote site with permuted networks, of course.

    Access server "Local Network/s":
    A, B and C: 10.0.10.0/24,10.0.20.0/24,10.0.30.0/24

    1

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy