OpenVPN Routing on pfSense
-
OpenVPN: I have a client (LAN 1) to server (LAN 2) connection which works well and can see all the devices on the server side.
I want to be able to use the OpenVPN to tunnel to the firewall
and then use an existing IPSec IKEv1 tunnel (on the same pfSense as the OpenVPN) to another network on a different subnet (LAN 3).
I can ping from the client (LAN 1) to the OpenVPN server (LAN 2)
and can ping from (LAN 2) to (LAN 3).
All 3 are different subnets.
I have added the route to (LAN 3) on the (LAN 1) device (actually the OpenVPN client did that for me).
I am unable to ping from (LAN 1) to (LAN 3) even though routing is in place and the firewalls for both VPNs are currently set as * any protocol.
The OpenVPN server - Tunnel Settings - config has (LAN 2) and (LAN 3) subnets in the IPv4 Local Network section.
Help, any ideas?
-
It would really help if you drew this. Sounds like, from your first sentence, you VPN to some server behind a pfSense? And then this pfSense at site B has an IPsec VPN to a 3rd?
-
Yes, of course,
I want to ping ( connect to ) 192.168.200.2 from 192.168.70.2
I can ping anything on 192.168.100.0/24 from 192.168.70.2
I can ping anything on 192.168.200.0/24 from 192.168.100.0/24
but can't see anything 192.168.70.2 -> 192.168.200.0/24
-
@TSO2 said in OpenVPN Routing on pfSense:
I have added the route to (LAN 3) on the (LAN 1) device (actually the OpenVPN client did that for me)
You also need a route on the pfSense box in LAN 3 to the OpenVPN clients network.
This must be done in IPSec. Add an additional phase 2 to the IPSec configuration on LAN3 pfSense with 192.168.200.0/24 as local and the OpenVPN access server's tunnel network as remote network.
Also set the additional phase 2 on the pfSense in LAN 2 with inverted networks.
-
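The reply above, worked through as an added example that is not part of the original posts: a policy-based IPsec tunnel only carries packets whose source and destination fall inside one of its phase 2 pairs, so the check below tests the request and the reply against each pfSense's pairs. The tunnel network 10.0.8.0/24, the client address and all function names are assumptions; the thread never states the OpenVPN tunnel network.

```python
import ipaddress as ip

# Subnets from the thread. TUNNEL is an assumed value: the thread never
# states the OpenVPN tunnel network.
LAN2 = ip.ip_network("192.168.100.0/24")
LAN3 = ip.ip_network("192.168.200.0/24")
TUNNEL = ip.ip_network("10.0.8.0/24")

def matches(phase2, src, dst):
    """True if src->dst falls inside some (local, remote) phase 2 pair."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in local and d in remote for local, remote in phase2)

def diagnose(lan2_p2, lan3_p2, src, dst):
    """Check both directions of a flow that crosses the IPsec tunnel.

    lan2_p2 / lan3_p2 are the phase 2 lists on each pfSense, each entry
    written from that box's point of view as (local, remote).
    """
    return {
        # Outbound: the LAN 2 box only encrypts traffic matching its pairs.
        "request": matches(lan2_p2, src, dst),
        # Return: the LAN 3 box needs a pair for the reply (dst -> src).
        "reply": matches(lan3_p2, dst, src),
        # Each pair must exist inverted on the peer.
        "mirrored": set(lan2_p2) == {(r, l) for l, r in lan3_p2},
    }

def add_pair(lan2_p2, lan3_p2, lan2_side, lan3_side):
    """Return new lists with one extra phase 2, inverted on the LAN 3 box."""
    return lan2_p2 + [(lan2_side, lan3_side)], lan3_p2 + [(lan3_side, lan2_side)]

if __name__ == "__main__":
    # Assumed existing pair, since LAN 2 <-> LAN 3 already works in the thread.
    p2_lan2, p2_lan3 = [(LAN2, LAN3)], [(LAN3, LAN2)]
    client = "10.0.8.2"  # constructed client tunnel address
    print("LAN 2 host:", diagnose(p2_lan2, p2_lan3, "192.168.100.10", "192.168.200.2"))
    print("VPN client before:", diagnose(p2_lan2, p2_lan3, client, "192.168.200.2"))
    fixed = add_pair(p2_lan2, p2_lan3, TUNNEL, LAN3)
    print("VPN client after:", diagnose(*fixed, client, "192.168.200.2"))
```
-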
First off forget about VPN types. That's irrelevant. Once a VPN is up, it's no different than any other IP route. This reduces the problem to routing. Do you have the appropriate routing configured?
-
I get that now, I am going to try the routing from the IPSec to the OpenVPN subnet