Route OpenVPN client over IPSEC to a remote LAN?



  • I have 3 pfSense boxes, with IPSEC connections between them all. I also have OpenVPN (for clients accessing the LAN attached to that pfSense) on all 3.
    Is there a way for an OpenVPN client connected to, say, box 'A' to access the LAN on box 'B'?
    I haven't been able to make this work with tunnels or VTI, with routes or firewall rules.
    Anyone got a pointer to a how-to? Or know how to do it yourself?
    Thanks!



  • You have to add an additional phase 2 to the IPSec configs for the access server tunnel network.
    Also in the access server settings you have to add the remote LAN networks, which the clients should be able to access, to the "Local networks".

    For instance:
    site A:
    LAN: 10.0.10.0/24
    access server tunnel: 192.168.21.0/24

    site B:
    LAN: 10.0.20.0/24
    access server tunnel: 192.168.22.0/24

    site C:
    LAN: 10.0.30.0/24
    access server tunnel: 192.168.23.0/24

    So at site A you have to add a phase 2 to each IPSec with local: 192.168.21.0/24 and the appropriate remote network.
    at site B local: 192.168.22.0/24
    at site C local: 192.168.23.0/24
    Also add phase 2 settings to the respective IPSec config on the remote site with permuted networks, of course.

    Access server "Local Network/s":
    A, B and C: 10.0.10.0/24,10.0.20.0/24,10.0.30.0/24
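The following script is an added example, not part of the original thread or of pfSense itself. It takes the three-site addressing from the answer above (site names and the per-site "lan"/"tunnel" layout are assumptions) and enumerates, for a full mesh of any size, the phase 2 selector pairs each box needs toward each peer, checks that every entry has its mirror image on the far side, verifies that no two networks overlap, and builds the "Local networks" string for each OpenVPN server. It is meant as a checklist to compare against the GUI before clicking through three boxes worth of phase 2 entries.

```python
"""Enumerate IPsec phase 2 selectors and OpenVPN "Local networks" for a
full mesh of pfSense boxes so that OpenVPN clients at any site can reach
the LAN behind every other site.

Added example. Site names and the example addressing are constructed
(taken from the answer above); this is not pfSense's own tooling.
"""
import ipaddress
from itertools import permutations

# Constructed example: one LAN and one OpenVPN tunnel network per site.
SITES = {
    "A": {"lan": "10.0.10.0/24", "tunnel": "192.168.21.0/24"},
    "B": {"lan": "10.0.20.0/24", "tunnel": "192.168.22.0/24"},
    "C": {"lan": "10.0.30.0/24", "tunnel": "192.168.23.0/24"},
}


def check_no_overlap(sites):
    """Every LAN and tunnel network must be distinct; overlapping
    selectors make phase 2 matching and the pushed client routes
    ambiguous. Returns the list of overlapping pairs (empty means OK)."""
    nets = [(f"{name}/{kind}", ipaddress.ip_network(cidr))
            for name, s in sites.items() for kind, cidr in s.items()]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


def phase2_entries(sites):
    """(local, remote) selector pairs per site and per peer.

    For every ordered pair (here, there) the box at `here` needs:
      LAN_here    <-> LAN_there    the existing site-to-site phase 2
      TUNNEL_here <-> LAN_there    new: here's OpenVPN clients reach there's LAN
      LAN_here    <-> TUNNEL_there new: mirror of there's entry, so both
                                   ends agree on the selector
    Iterating over permutations visits (there, here) too, which produces
    the permuted entries on the remote box.
    Returns {site: {peer: [(local, remote), ...]}}.
    """
    p2 = {name: {} for name in sites}
    for here, there in permutations(sites, 2):
        h, t = sites[here], sites[there]
        p2[here][there] = [
            (h["lan"], t["lan"]),
            (h["tunnel"], t["lan"]),
            (h["lan"], t["tunnel"]),
        ]
    return p2


def check_mirrored(p2):
    """A phase 2 only negotiates if the far end has the same selector
    with local/remote swapped. Returns entries lacking a mirror."""
    missing = []
    for here, peers in p2.items():
        for there, entries in peers.items():
            for local, remote in entries:
                if (remote, local) not in p2[there][here]:
                    missing.append((here, there, local, remote))
    return missing


def openvpn_local_networks(sites):
    """The "Local networks" value for each site's OpenVPN server: every
    site's LAN (own LAN included), so clients get a route for each."""
    lans = ",".join(s["lan"] for s in sites.values())
    return {name: lans for name in sites}


def render(sites):
    """Human-readable checklist of what to enter on each box."""
    lines = []
    for here, peers in phase2_entries(sites).items():
        lines.append(f"site {here}: OpenVPN Local networks = "
                     f"{openvpn_local_networks(sites)[here]}")
        for there, entries in peers.items():
            for local, remote in entries:
                lines.append(f"  IPsec to {there}: P2 local {local} remote {remote}")
    return "\n".join(lines)


if __name__ == "__main__":
    assert check_no_overlap(SITES) == [], "overlapping networks"
    assert check_mirrored(phase2_entries(SITES)) == [], "unmirrored P2"
    print(render(SITES))
```

The phase 2 entries only carry the traffic; they do not permit it. On the site whose LAN is being reached, the rules on the IPsec firewall tab still have to allow traffic whose source is the remote site's OpenVPN tunnel network (e.g. 192.168.21.0/24 arriving at site B), and the OpenVPN tab at the client's own site has to allow the destination LANs. A missing entry in `check_mirrored` output is the usual reason a phase 2 shows as configured but never comes up.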