Can a remote VPN user (client) access another IPsec site-to-site VPN?



  • We have pfSense version 2.4.4 configured with a site-to-site IPsec VPN with our partner.
    Our Network is 10.0.1.0/24
    Partner network is 172.25.0.0/16.
    Users connected to our local network (10.0.1.0/24) access the partner network (172.25.0.0/16) successfully.

    We also have remote users connected to our office with an OpenVPN client.
    OpenVPN is configured like this:
    Tunnel Network
    10.0.2.0/24
    Local Network:
    10.0.1.0/24
    Remote users get an IP in 10.0.2.0/24 and successfully reach 10.0.1.0/24.

    I need remote users (10.0.2.0/24) to also be able to access the customer network 172.25.0.0/16.

    Is it possible to do such a thing?



  • @alessdom said in

    Hey
    You need to create an additional PHASE 2 on both sides of the tunnel.
    for networks 172.25.0.0/16 <--> 10.0.2.0/24



  • Thanks!
    I've found a similar solution that doesn't require partner side intervention.

    I've added the customer network in OpenVPN:
    Tunnel Network
    10.0.2.0/24
    Local Network:
    10.0.1.0/24, 172.25.0.0/16.

    Then I've added a Phase 2 with NAT:
    Local Network 10.0.2.0/24
    NAT: 10.0.1.0/24
    Remote Network: 172.25.0.0/16

    It works!


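The Phase 2 NAT approach from the last post, as an added example that is not part of the thread: a small Python model of how Phase 2 traffic selectors decide whether a packet enters the tunnel and which source address the partner sees. It assumes the NAT entry maps the two equal-size /24 subnets one-to-one (host bits preserved); the function names and the sample addresses are hypothetical.

```python
import ipaddress as ip

# Networks taken from the thread.
OFFICE = ip.ip_network("10.0.1.0/24")     # local LAN
OVPN = ip.ip_network("10.0.2.0/24")       # OpenVPN tunnel network
PARTNER = ip.ip_network("172.25.0.0/16")  # partner side of the IPsec tunnel

# Phase 2 entries as (local, nat, remote); nat=None means no translation.
ORIGINAL_P2 = [(OFFICE, None, PARTNER)]
WITH_NAT_P2 = ORIGINAL_P2 + [(OVPN, OFFICE, PARTNER)]

def binat(addr, local, nat):
    """Assumed 1:1 mapping between equal-size subnets: keep the host bits."""
    offset = int(addr) - int(local.network_address)
    return ip.ip_address(int(nat.network_address) + offset)

def tunnel_source(src, dst, phase2):
    """Source address the partner sees, or None if no Phase 2 entry matches
    (the packet is then not sent through the IPsec tunnel)."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for local, nat, remote in phase2:
        if src in local and dst in remote:
            return str(binat(src, local, nat) if nat else src)
    return None

def partner_accepts(seen_src):
    """The partner's unchanged selector only covers 10.0.1.0/24 sources."""
    return seen_src is not None and ip.ip_address(seen_src) in OFFICE

if __name__ == "__main__":
    # Constructed sample addresses: one remote user, one office host.
    user, host, target = "10.0.2.20", "10.0.1.20", "172.25.3.4"
    print("before:", tunnel_source(user, target, ORIGINAL_P2))
    print("after: ", tunnel_source(user, target, WITH_NAT_P2))
    print("office:", tunnel_source(host, target, WITH_NAT_P2))
```

Under this model a remote user and the office host with the same last octet reach the partner with the same source address, so attributing partner-side log entries to a specific user relies on the logs kept on the pfSense side.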