Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Routing Site-to-Site IPSec VPN traffic out OpenVPN connection

    IPsec
    2
    3
    42
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      funjwaite last edited by

      We currently use SG-2220's to connect to OpenVPN tunnels in different regions for testing our website in those locations.
      We want a remote site to connect via IPSec and send all internet bound traffic thru the OpenVPN tunnel.

      I found this guide: Routing Internet traffic thru a site-to-site ipsec vpn
      Can I just change those NAT rules at the end to use the OpenVPN interface instead of WAN? Will that work?
      Seems like a route statement will need to be configured somewhere...

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        Depends on how the OpenVPN is set up.

        If you are allowing the VPN to pull a default route, all you should need is outbound NAT

        If you are not allowing the OpenVPN to pull a default route, you will need to policy route the IPsec traffic using rules on the IPsec tab to the OpenVPN gateway and enable Outbound NAT.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • F
          funjwaite last edited by

          Excellent, "Don't pull routes" is NOT checked, so I think we'll be good to go.

          Thank you!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy