OpenVPN in to pfSense and then via IPsec tunnel - possible?



  • Hi all!

    I connect to pfSense with OpenVPN and would like to reach a remote location that is connected via a site2site IPsec tunnel.
    I have not made it work so far, so wondering if someone has done this? Is it possible?

    Thanks in advance!



  • @jarlel

    Why would you even bother? They both serve the same function. What you might do is use OpenVPN between A & B and then IPSec between B & C. However, it is possible to tunnel one in the other, in that all the tunnels do is pass packets, regardless of content, between 2 points. You'd route the OpenVPN packets as you would any other.



  • @JKnott said in OpenVPN in to pfSense and then via IPsec tunnel - possible?:

    @jarlel

    Why would you even bother? They both serve the same function. What you might do is use OpenVPN between A & B and then IPSec between B & C. However, it is possible to tunnel one in the other, in that all the tunnels do is pass packets, regardless of content, between 2 points. You'd route the OpenVPN packets as you would any other.

    That is the setup, unfortunately... OpenVPN from A to B works fine. IPsec site2site from B to C works fine.
    Communicating from A to C, however, doesn't work.

    Any idea how to set up the routing to make it work? All traffic is tunneled from A to B now, but the traffic stops at B and doesn't go to C. How/where should I set this up?

    Cheers



  • @jarlel

    Who maintains B? You have to go into the router there and configure the routes. This is strictly a routing issue that has nothing to do with VPNs. As for setting it up, without knowing what the router at B is, it's impossible to say.



  • @JKnott said in OpenVPN in to pfSense and then via IPsec tunnel - possible?:

    @jarlel

    Who maintains B? You have to go into the router there and configure the routes. This is strictly a routing issue that has nothing to do with VPNs. As for setting it up, without knowing what the router at B is, it's impossible to say.

    We maintain B. Ok, so is it a manual route setup issue? B is pfSense.



  • @jarlel said in OpenVPN in to pfSense and then via IPsec tunnel - possible?:

    Ok, so is it a manual route setup issue?

    Yes. Also firewall rules.

    The router will know how to route between the VPN networks, but not for anything beyond, unless either you configure it or a routing protocol, such as OSPF, is used. You can test this by pinging from the pfSense router at A to the router at C. Both of those addresses will be within the VPN networks, but the LANs beyond those routers will be on different networks and so the routers need to obtain those network addresses in some way. Your choices: manual config or routing protocol.



  • I have this setup working. The IPsec tunnel connects my home & remote office, which are “some distance” apart. I connect via OpenVPN to whichever is closer when I travel, I then have access to my servers at both sites.

    Step 1: make sure you have a working IPsec tunnel and you can browse the network(s) at the remote end.
    Step 2: add your remote networks to “IPv4 Local network(s)” on your OpenVPN Server (your.pfsense.ip/vpn_openvpn_server.php?act=edit&id=0)
    Step 3: configure appropriate firewall rule to allow OpenVPN clients to access the remote network destination.

    Good luck.
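
The checks behind steps 2 and 3 above, as an added example that is not part of the original post and not pfSense's own code: it renders the "IPv4 Local network(s)" field as the OpenVPN `push "route ..."` directives sent to clients, then reports which step stops a packet from an OpenVPN client to site C. All addresses and rules are constructed sample values, and the rule model (top-down, first match wins, default deny) is a simplification of the OpenVPN firewall tab.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
CLIENT_IP = "10.8.0.6"                            # address inside the OpenVPN tunnel network
LOCAL_NETS = "192.168.10.0/24, 192.168.20.0/24"   # LAN at B, plus the remote LAN at C (step 2)
# Rules on the OpenVPN tab as (action, source, destination). Least privilege:
# pass only the networks clients need instead of an any-to-any rule.
RULES = [
    ("pass", "10.8.0.0/24", "192.168.10.0/24"),
    ("pass", "10.8.0.0/24", "192.168.20.0/24"),
]

def _nets(field):
    """Parse the comma-separated network field into ip_network objects."""
    return [ipaddress.ip_network(n.strip()) for n in field.split(",") if n.strip()]

def push_routes(local_nets):
    """Render the field as the OpenVPN directives pushed to each client."""
    return [f'push "route {n.network_address} {n.netmask}"' for n in _nets(local_nets)]

def client_has_route(dst, local_nets):
    """True if the client received a route covering dst (step 2)."""
    return any(ipaddress.ip_address(dst) in n for n in _nets(local_nets))

def firewall_allows(src, dst, rules):
    """First matching rule decides; no match means default deny (step 3)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst in rules:
        if s in ipaddress.ip_network(rule_src) and d in ipaddress.ip_network(rule_dst):
            return action == "pass"
    return False

def diagnose(src, dst, local_nets, rules):
    """Name the step that stops traffic from src to dst, or 'ok'."""
    if not client_has_route(dst, local_nets):
        return "step 2: remote network not in IPv4 Local network(s)"
    if not firewall_allows(src, dst, rules):
        return "step 3: no pass rule on the OpenVPN interface"
    return "ok"

if __name__ == "__main__":
    print("\n".join(push_routes(LOCAL_NETS)))
    print(diagnose(CLIENT_IP, "192.168.20.5", LOCAL_NETS, RULES))
```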

