Routing Site-to-Site IPSec VPN traffic out OpenVPN connection

funjwaite

We currently use SG-2220's to connect to OpenVPN tunnels in different regions for testing our website in those locations.
We want a remote site to connect via IPSec and send all internet bound traffic thru the OpenVPN tunnel.

I found this guide: Routing Internet traffic thru a site-to-site ipsec vpn
Can I just change those NAT rules at the end to use the OpenVPN interface instead of WAN? Will that work?
Seems like a route statement will need to be configured somewhere...

Derelict

Depends on how the OpenVPN is set up.

If you are allowing the VPN to pull a default route, all you should need is outbound NAT

If you are not allowing the OpenVPN to pull a default route, you will need to policy route the IPsec traffic using rules on the IPsec tab to the OpenVPN gateway and enable Outbound NAT.

funjwaite

Excellent, "Don't pull routes" is NOT checked, so I think we'll be good to go.

Thank you!