Netgate Discussion Forum

    Communication VPN IPsec and OpenVPN

      leoescarpellin

      Hi guys,

      I have an IPsec VPN (Site-to-Site) with a client and my LAN (192.168.16.0/24) is communicating perfectly with the client's LAN (10.203.160.0/22).

      I also have a VPN with OpenVPN (Client-to-site), configured on the 172.16.16.0/24 network, which is used by employees who are working at home. It is communicating normally with my LAN.

      Would it be possible to make the 172.16.16.0/24 network (OpenVPN) communicate with the 10.203.160.0/22 network (customer's LAN)?

      I imagine that adding a second Phase 2 communicating the 2 networks (OpenVPN and client LAN) should resolve the issue, however the client is a little resistant to registering the second Phase 2.
      Is there any other way for me to try this communication?

      Thanks in advance.

      Att,
      Leonardo Escarpellin

        viragomann @leoescarpellin

        @leoescarpellin said in Communication VPN IPsec and OpenVPN:

        I imagine that adding a second Phase 2 communicating the 2 networks (OpenVPN and client LAN) should resolve the issue, however the client is a little resistant to registering the second Phase 2.
        Is there any other way for me to try this communication?

        So you have to translate the roadwarrior VPN IPs into ones which are covered by the actual phase 2.
        How to do this is described in the docs in NAT with IPsec Phase 2 Networks.

        If there is enough space in your phase 2 to include the OpenVPN tunnel network, you can use BINAT. Maybe you can shrink the VPN subnet. Otherwise you can go with PAT by simply picking an used IP of your local network which is used by any VPN user then.

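Added example, not part of viragomann's post or of the pfSense documentation: a Python check of the address planning behind the BINAT-or-PAT choice described above, using the thread's networks. The list of in-use LAN hosts, the shrunk /27 tunnel network, the function names, and the choice of an unassigned LAN address for PAT are assumptions made for illustration.

```python
import ipaddress

# Networks from the thread; the in-use host list is constructed sample data.
PHASE2_LOCAL = "192.168.16.0/24"    # LAN covered by the existing Phase 2
OPENVPN_TUNNEL = "172.16.16.0/24"   # road-warrior tunnel network
USED_LAN_HOSTS = ["192.168.16.1", "192.168.16.10", "192.168.16.20",
                  "192.168.16.50", "192.168.16.100"]


def plan_nat(vpn_net, phase2_net, used_hosts):
    """Return ("binat", block), ("pat", address) or ("none", None).

    BINAT (1:1) needs a block of the tunnel's prefix length inside the
    Phase 2 local network that holds no address already in use.
    PAT needs only one address inside that network."""
    vpn = ipaddress.ip_network(vpn_net)
    p2 = ipaddress.ip_network(phase2_net)
    used = {ipaddress.ip_address(h) for h in used_hosts}
    # A tunnel network larger than the Phase 2 network can never fit 1:1.
    if vpn.prefixlen >= p2.prefixlen:
        for block in p2.subnets(new_prefix=vpn.prefixlen):
            if not any(h in block for h in used):
                return ("binat", block)
    # Fallback: hide every VPN client behind a single LAN address.
    # Assumption of this example: take the first address not yet assigned.
    for host in p2.hosts():
        if host not in used:
            return ("pat", host)
    return ("none", None)


def binat_translate(client_ip, vpn_net, nat_block):
    """Map one tunnel address to its 1:1 address (host offset preserved)."""
    vpn = ipaddress.ip_network(vpn_net)
    block = ipaddress.ip_network(nat_block)
    addr = ipaddress.ip_address(client_ip)
    if block.prefixlen != vpn.prefixlen:
        raise ValueError("BINAT needs source and target of equal size")
    if addr not in vpn:
        raise ValueError(f"{addr} is not in tunnel network {vpn}")
    return block.network_address + (int(addr) - int(vpn.network_address))


if __name__ == "__main__":
    # Full /24 tunnel as configured today, then a shrunk /27 tunnel.
    for tunnel in (OPENVPN_TUNNEL, "172.16.16.0/27"):
        kind, target = plan_nat(tunnel, PHASE2_LOCAL, USED_LAN_HOSTS)
        print(f"{tunnel}: {kind} -> {target}")
        if kind == "binat":
            print("  172.16.16.5 appears as",
                  binat_translate("172.16.16.5", tunnel, str(target)))
```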
          leoescarpellin @viragomann

          @viragomann said in Communication VPN IPsec and OpenVPN:

          k an used IP of your local network which is used by any vpn user then.

          Ty @viragomann,

          I will check the link, study about it and then try it in production.

          I will return with the results of the tests.

          Att,
          Leonardo Escarpellin

            JKnott @leoescarpellin

            @leoescarpellin

            Stop thinking of IPSec vs OpenVPN. Both are just methods to provide an IP connection between 2 points. As such, when the VPNs are up, it's just a matter of routing and rules as to whether traffic can pass between them, just like any other IP connection. Of course, you'll have to ensure network addresses don't collide (the NAT curse strikes again).

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...
