route traffic from VPN server to network behind another interface



  • Hello everybody,

    My configuration is as below:
    I have 3 WAN interfaces,
    one LAN interface,
    and another LAN interface to another firewall, and this firewall has IPsec.
    So locally,
    for specific destinations I routed the traffic to the second firewall into the IPsec tunnel, and all the other traffic goes to the WAN interface as expected.
    Now I just configured the OpenVPN server with split tunnel,
    and I want the traffic that needs to be routed to the IPsec tunnel to go to the other firewall.
    I configured the VPN server with push "route 10.21.1.0 255.255.255.0",
    and when connected to the OpenVPN and trying a tracert to 10.21.1.10, it seems to go through the OpenVPN tunnel,
    but after that the packets go down.
    I tried to allow all traffic from everywhere to any on all interfaces, but the same.
    What am I missing???
    Routing works fine from the LAN,
    but not from the VPN.



  • Maybe you're missing the route back from the destination device to the OpenVPN client.



  • What do you mean by route back?
    Here is our network,
    and everything is working fine; only the red line is what I want to do and it is not working.

    (attachment: Capture.PNG)



  • The request packets coming from the OpenVPN clients (with a source IP out of the VPN tunnel network) are routed to the other firewall and across the IPsec tunnel. Presuming you're not NATing the packets, the remote devices will send their responses back to the VPN tunnel IP.
    So I asked if the remote side has a route for that direction.

    You need to add a route (phase 2) on the IPsec tunnel and a static route on the other firewall for the OpenVPN tunnel network.



  • This has come up before. You need to push a route for the remote LAN subnet to your OpenVPN clients and also configure a phase 2 for the OpenVPN tunnel network on each side of the IPsec tunnel.
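To make the diagnosis in the two replies above concrete, here is an added route-table and phase 2 simulation of the topology in this thread. It is example code written for this page, not anything from the original posters or from pfSense/OpenVPN. The only addresses taken from the thread are 10.21.1.0/24 and 10.21.1.10; the OpenVPN tunnel network (10.8.0.0/24), the LAN behind the main firewall (192.168.1.0/24), the link between the two firewalls (192.168.100.0/30) and the node names `fwA`, `fwB`, `fwC` are assumptions. IPsec is modelled policy-based, as on pfSense: an outbound packet enters the tunnel only if a phase 2 selector matches its source and destination, and the peer accepts it only if it has the mirrored selector. The `internet` node is a sink standing in for the WAN default route, where a private destination is unreachable.

```python
"""Walk the forward and reply packet through the thread's topology and show
where each one dies until all three changes (phase 2 on both IPsec sides and
a static route on the second firewall) are in place. Added example; the
addressing apart from 10.21.1.0/24 and 10.21.1.10 is assumed."""
import copy
import ipaddress

REMOTE_LAN = "10.21.1.0/24"      # from the thread (behind the IPsec peer)
VPN_NET = "10.8.0.0/24"          # assumed OpenVPN tunnel network
LAN_A = "192.168.1.0/24"         # assumed LAN behind the main firewall
LINK_AB = "192.168.100.0/30"     # assumed link between the two firewalls
DEFAULT = "0.0.0.0/0"


def base_topology():
    """The setup as posted: LAN<->IPsec works, but the OpenVPN net is unknown
    to firewall B's routing, to both phase 2s and to remote firewall C."""
    return {
        "client": {"addrs": ["10.8.0.6"],
                   "routes": [(VPN_NET, "connected"), (REMOTE_LAN, "fwA")]},
        "fwA": {"addrs": ["10.8.0.1", "192.168.1.1", "192.168.100.1"],
                "routes": [(VPN_NET, "connected"), (LAN_A, "connected"),
                           (LINK_AB, "connected"), (REMOTE_LAN, "fwB"),
                           (DEFAULT, "internet")]},
        "fwB": {"addrs": ["192.168.100.2"],
                "routes": [(LINK_AB, "connected"), (LAN_A, "fwA"),
                           (DEFAULT, "internet")],
                "ipsec": {"peer": "fwC", "selectors": [(LAN_A, REMOTE_LAN)]}},
        "fwC": {"addrs": ["10.21.1.1"],
                "routes": [(REMOTE_LAN, "connected"), (DEFAULT, "internet")],
                "ipsec": {"peer": "fwB", "selectors": [(REMOTE_LAN, LAN_A)]}},
        "device": {"addrs": ["10.21.1.10"],
                   "routes": [(REMOTE_LAN, "connected"), (DEFAULT, "fwC")]},
        "internet": {"addrs": [], "routes": []},  # sink: no path to RFC1918
    }


def _in(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def lookup(routes, dst):
    """Longest-prefix match over (network, next hop); None if nothing matches."""
    best = None
    for net, via in routes:
        n = ipaddress.ip_network(net)
        if ipaddress.ip_address(dst) in n and (best is None or n.prefixlen > best[0]):
            best = (n.prefixlen, via)
    return best[1] if best else None


def _selector_matches(selectors, local_ip, remote_ip):
    return any(_in(local_ip, loc) and _in(remote_ip, rem) for loc, rem in selectors)


def trace(nodes, start, src, dst):
    """Forward one packet hop by hop; returns (status, path)."""
    path, node = [start], start
    for _ in range(16):
        n = nodes[node]
        if dst in n["addrs"]:
            return "delivered", path
        ipsec = n.get("ipsec")
        if ipsec and _selector_matches(ipsec["selectors"], src, dst):
            peer = nodes[ipsec["peer"]]
            path += ["ipsec", ipsec["peer"]]
            # Inbound SPD check on the peer: it needs the mirrored phase 2.
            if not _selector_matches(peer["ipsec"]["selectors"], dst, src):
                return f"dropped at {ipsec['peer']}: no phase 2 accepts {src}->{dst}", path
            node = ipsec["peer"]
            continue
        via = lookup(n["routes"], dst)
        if via is None:
            return f"dropped at {node}: no route to {dst}", path
        if via == "connected":
            via = next((k for k, v in nodes.items() if dst in v["addrs"]), None)
            if via is None:
                return f"dropped at {node}: {dst} not on connected net", path
        path.append(via)
        node = via
    return "dropped: hop limit", path


def apply_fix(nodes, phase2_b=True, phase2_c=True, static_route_b=True):
    """The three changes the replies ask for; drop any one to see where the
    packet dies."""
    fixed = copy.deepcopy(nodes)
    if phase2_b:
        fixed["fwB"]["ipsec"]["selectors"].append((VPN_NET, REMOTE_LAN))
    if phase2_c:
        fixed["fwC"]["ipsec"]["selectors"].append((REMOTE_LAN, VPN_NET))
    if static_route_b:
        fixed["fwB"]["routes"].append((VPN_NET, "fwA"))
    return fixed


def round_trip(nodes, client="10.8.0.6", device="10.21.1.10"):
    return {"forward": trace(nodes, "client", client, device),
            "reply": trace(nodes, "device", device, client)}


if __name__ == "__main__":
    cases = [("as posted", base_topology()),
             ("phase 2 on B only", apply_fix(base_topology(), phase2_c=False, static_route_b=False)),
             ("phase 2 both sides, no static route on B", apply_fix(base_topology(), static_route_b=False)),
             ("all three changes", apply_fix(base_topology()))]
    for label, topo in cases:
        r = round_trip(topo)
        print(f"{label}:")
        for d in ("forward", "reply"):
            print(f"  {d:8s} {r[d][0]}  via {' > '.join(r[d][1])}")
```

Running it shows the pattern from the thread: as posted, the request gets past the OpenVPN hop and then falls off firewall B's default route; with a phase 2 on B alone, C rejects it; with both phase 2s but no static route, the request arrives and the reply dies on B. Note that in the two broken reply cases the packet is not just lost, it leaves firewall C unencrypted via its default route, which is a cleartext leak of internal traffic onto the WAN as well as a reachability problem. The simulation does not model NAT; outbound NAT of VPN clients to a LAN address on firewall A, which the earlier reply alludes to, would be the alternative that avoids touching the remote side.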

