<![CDATA[Route OpenVPN Traffic through IPsec Tunnel]]>Hi folks :)

I seem to miss some routing / forwarding in my setup i hope you can help :)

Current Setup:

  1. Client to Site VPN through OpenVPN Server on PfSense --> everything works fine there in can interacet with the LAN Network of the pfSense from remote.

  2. Site to Site IPsec tunnel --> works fine too, the clients on the LAN network conntected to the pfSense can interact with the remote subnet of the other site.

So far so good...

what i want now is to be able to interact with clients on the remote site via my OpenVPN tunnel.

Examples:

client 10.0.0.2 ----openvpn-tunnel-----pfsense---LAN 172.17.16.0/24 --> Works

LAN 172.17.16.0/24----pfsense---------IPsec-tunnel------remote-site 172.17.20.0/24 --> Works

client 10.0.0.2 ----openvpn-tunnel-----pfsense------IPsec-tunnel------remote-site 172.17.20.0/24 --> NOT Working

I think i have to configure some outbound NAT or Gateway / routing to accomplish this?

regards

]]>https://forum.netgate.com/topic/147984/route-openvpn-traffic-through-ipsec-tunnelRSS for NodeWed, 17 Jun 2026 06:34:22 GMTFri, 08 Nov 2019 16:05:40 GMT60<![CDATA[Reply to Route OpenVPN Traffic through IPsec Tunnel on Fri, 15 Nov 2019 14:15:44 GMT]]>Strange. Did you already reboot the pfSense box?

Some guys who had similar issues here succeed after pulling down the OpenVPN server or the whole pfSense and rebuild it again.

]]>https://forum.netgate.com/post/875922https://forum.netgate.com/post/875922Fri, 15 Nov 2019 14:15:44 GMT<![CDATA[Reply to Route OpenVPN Traffic through IPsec Tunnel on Tue, 12 Nov 2019 13:12:02 GMT]]>Yes the capture is from the same pfsense box running the server - this boggles my mind, how is this not working, how does this traffic gets lost?

there is only one OpenVPN Server running. The client from which the Ping originates is connected to this server. the component on the remote subnet receives the ping and sends it back to the pfSense over the IPsec tunnel as seen in the second capture but then it somehow get lost...

]]>https://forum.netgate.com/post/875378https://forum.netgate.com/post/875378Tue, 12 Nov 2019 13:12:02 GMT<![CDATA[Reply to Route OpenVPN Traffic through IPsec Tunnel on Tue, 12 Nov 2019 11:19:11 GMT]]>The second packet capture is also taken from the local pfSense, which is running the access OpenVPN server?

Do you run multiple OpenVPN instances there, both server and clients?

]]>https://forum.netgate.com/post/875338https://forum.netgate.com/post/875338Tue, 12 Nov 2019 11:19:11 GMT<![CDATA[Reply to Route OpenVPN Traffic through IPsec Tunnel on Tue, 12 Nov 2019 11:06:25 GMT]]>Hi @viragomann

thx for your reply!

I made an extra phase 2 as suggested, my traffic goes now through the ipsec tunnel and comes back, but dont enter the openvpn tunnel again... what am i missing?

10.0.0.3 --> IP from my Client connected over OpenVPN
172.16.187.12 --> IP of the component in the remote subnet

packet capture from openvpn Interface, pinging a component in the remote subnet -> no traffic comes back...
openvpn_interface.png

packet capture from IPsec interface, pinging the same component in the remote subnet -> traffic flows in both ways
ipsec_interface.png

So my ping reach the remote component, flows back over the IPsec tunnel but then goes lost...?

]]>https://forum.netgate.com/post/875326https://forum.netgate.com/post/875326Tue, 12 Nov 2019 11:06:25 GMT<![CDATA[Reply to Route OpenVPN Traffic through IPsec Tunnel on Fri, 08 Nov 2019 16:19:55 GMT]]>To the IPSec configuration you have to add an additional phase 2 for the OpenVPN tunnel network and the remote network on both sites.
E.g. Local:
local network: 10.0.0.0/24
remote network: 172.17.16.0/24
remote:
local network: 172.17.16.0/24
remote network: 10.0.0.0/24

And in the OpenVPN settings, if not using "Redirect gateway", you have to add the remote network to the "IPv4 Local Network/s" to push the route to the clients.

]]>https://forum.netgate.com/post/874837https://forum.netgate.com/post/874837Fri, 08 Nov 2019 16:19:55 GMT