Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Add Subnet Ipsec To OpenVpn

    Scheduled Pinned Locked Moved OpenVPN
    6 Posts 3 Posters 665 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      danielino1981
      last edited by

      Good morning
      A question
      I have a Pfsense with Ipsec connection to a Zywall. They have seen each other.
      I set an OpenvPN on this Pfsense, the client saw the pfsense but not the zywall and its resources behind the ipsec.
      I entered the route in the Pfsense server options but it works.
      Where am I wrong?

      V JKnottJ 2 Replies Last reply Reply Quote 0
      • V
        viragomann @danielino1981
        last edited by

        @danielino1981 said in Add Subnet Ipsec To OpenVpn:

        I set an OpenvPN on this Pfsense

        A remote access server, I guess.
        So if you don't push redirect gateway, you have to add the network behind the Zywall to the "Local Networks" in the OpenVPN server settings to push the route to the clients.

        Additionally you have to add a second phase 2 for the OpenVPN tunnel network and the remote network to your IPSec configuration.

        1 Reply Last reply Reply Quote 0
        • D
          danielino1981
          last edited by

          Thanks for your answer. All this done but it doesn't work

          Open Vpn Server

          202d7083-1ac2-43f5-a2d2-545d4aa52df9-immagine.png

          37c3b6d2-2308-43ab-a737-caee12c2af40-immagine.png

          b8b68181-ca0f-4a50-bb62-a22b7eeddb00-immagine.png

          Ip Sec

          06bd882e-6a97-438b-89a6-4d9b13ced775-immagine.png

          745cff22-b9a9-4422-a65c-6b4a5d3f465d-immagine.png

          1 Reply Last reply Reply Quote 0
          • V
            viragomann
            last edited by viragomann

            The "push route" in Custom options and the Local Networks do the same thing. It's recommended to use Local Networks for pushing routes to the clients. So you should remove the push route from custom options.

            Did you add the second phase 2 on the Zywall as well?

            1 Reply Last reply Reply Quote 0
            • JKnottJ
              JKnott @danielino1981
              last edited by

              @danielino1981

              If both VPNs are up & working between pfSense and the remote sites, then it's a routing and/or firewall issue. That VPNs are involved is irrelevant, as they're just IP connections.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              1 Reply Last reply Reply Quote 0
              • D
                danielino1981
                last edited by

                On the Zyxel side do I have to add routes?

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.