    OpenVPN Routing on pfSense

      TSO2

      OpenVPN I have a client ( LAN1) to server ( LAN 2) connection which works well and can see all the devices on the server side.

      I want to be able to use the OpenVPN to tunnel to the firewall
      and then use an existing IPSec IKEv1 tunnel ( on the same pfSense as the OpenVPN ) to another network on a different subnet ( LAN 3).
      I can ping from the client ( LAN 1 ) to the OpenVPN Server ( LAN 2 )
      and can ping from ( LAN 2 ) to ( LAN 3)
      All 3 are different subnets
      I have added the route to ( LAN 3 ) on the ( LAN 1 ) device ( actually the OpenVPN client did that for me )
      I am unable to ping from ( LAN 1 ) to ( LAN 3 ) even though routing is in place and the firewalls for both VPNs are currently set as * any protocol
      The OpenVPN server - Tunnel Settings - config has ( LAN 2 ) and ( LAN 3 ) subnets in the IPv4 Local Network section

      Help, any ideas?

        johnpoz LAYER 8 Global Moderator

        It would really help if you drew this.. Sounds like from your first sentence your vpn to some server behind a pfsense? And then this pfsense at site B has an ipsec vpn to a 3rd?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          TSO2

          Yes Of Course,

          I want to ping ( connect to ) 192.168.200.2 from 192.168.70.2
          I can ping anything on 192.168.100.0/24 from 192.168.70.2
          I can ping anything on 192.168.200.0/24 from 192.168.100.0/24
          but can't see anything 192.168.70.2 -> 192.168.200.0/24

          Demo Network.jpg

            viragomann @TSO2

            @TSO2 said in OpenVPN Routing on pfSense:

            I have added the route to ( LAN 3 ) on the ( LAN 1 ) device ( actually the OpenVPN client did that for me )

            You also need a route on the pfSense box in LAN 3 to the OpenVPN clients network.

            This must be done in IPSec. Add an additional phase 2 to the IPSec configuration on LAN3 pfSense with 192.168.200.0/24 as local and the OpenVPN access server's tunnel network as remote network.
            Also set the additional phase 2 on the pfSense in LAN 2 with inverted networks.

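The phase 2 advice in the reply above, as an added example that is not part of the original thread or of pfSense itself: it models the phase 2 entries on both firewalls as (local, remote) network pairs and checks whether a ping and its reply are covered on each side. It assumes a policy-based IPsec tunnel, and the OpenVPN tunnel network `10.0.8.0/24` is a constructed placeholder because the thread never states it.

```python
import ipaddress

# Constructed placeholder: the thread does not give the OpenVPN tunnel network.
OVPN_TUNNEL = "10.0.8.0/24"
LAN2, LAN3 = "192.168.100.0/24", "192.168.200.0/24"  # subnets from the thread


def matches(selectors, src, dst):
    """True if (src, dst) falls inside any (local, remote) phase 2 pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(loc) and d in ipaddress.ip_network(rem)
               for loc, rem in selectors)


def invert(selectors):
    """The peer's view of the same entries: local and remote swapped."""
    return [(rem, loc) for loc, rem in selectors]


def round_trip(lan2_p2, lan3_p2, src, dst):
    """The request must match on the LAN 2 box, the reply on the LAN 3 box."""
    return matches(lan2_p2, src, dst) and matches(lan3_p2, dst, src)


def missing_on_peer(lan2_p2, lan3_p2):
    """Phase 2 entries on LAN 2 with no inverted counterpart on LAN 3."""
    return [(loc, rem) for loc, rem in lan2_p2 if (rem, loc) not in lan3_p2]


# Existing tunnel: only LAN 2 <-> LAN 3 is covered.
before_lan2 = [(LAN2, LAN3)]
before_lan3 = invert(before_lan2)

# With the additional phase 2 from the reply, mirrored on both firewalls.
after_lan2 = before_lan2 + [(OVPN_TUNNEL, LAN3)]
after_lan3 = invert(after_lan2)

if __name__ == "__main__":
    client = "10.0.8.2"        # constructed OpenVPN client tunnel address
    target = "192.168.200.2"   # LAN 3 host from the thread
    print("LAN 2 host -> LAN 3:", round_trip(before_lan2, before_lan3,
                                             "192.168.100.10", target))
    print("VPN client, before :", round_trip(before_lan2, before_lan3,
                                             client, target))
    print("VPN client, after  :", round_trip(after_lan2, after_lan3,
                                             client, target))
    print("Only LAN 2 changed :", missing_on_peer(after_lan2, before_lan3))
```

The last line shows the half-configured case: if the extra phase 2 exists on only one firewall, the entry has no inverted counterpart on the peer.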
              JKnott @TSO2

              @TSO2

              First off forget about VPN types. That's irrelevant. Once a VPN is up, it's no different than any other IP route. This reduces the problem to routing. Do you have the appropriate routing configured?

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

                TSO2

                I get that now, I am going to try the routing from the IPSec to the OpenVPN subnet
