Access Remote IPSec Site-to-Site Network via OpenVPN

groliveira18 · Aug 1, 2021, 3:07 PM

Guys,

I have a pfsense with an OpenVPN Server configured and working ok! I also have a Site-to-Site IPSec VPN for a branch office.

I would like my OpenVPN clients to be able to access the remote network from my IPSec VPN, but I cannot find a solution. Try using the push "route xxx.xxx.xxx.xxx. Xxx.xxx.xxx.xxx".

pfSense Network: 172.17.xxx.xxx/16
OpenVPN tunnel: 10.100.xxx.xxx/24
Remote Network IPSec: 192.168.xxx.xxx/24

Is there any practical solution to solve this problem? On an OpenVPN installed on a CentOS7 I managed to solve this using the "push route". But unfortunately I don't find a solution for pfSense.

viragomann · Aug 1, 2021, 6:37 PM

@groliveira18
Setting the routes in OpenVPN is only the half part of the solution, you also have to set the routes in IPSec.

Instead of "push route..." you should put the remote network behind the IPSec into the "Local Networks" box in the OpenVPN server settings.

In the IPSec settings you have to add an additional phase 2 for the OpenVPN tunnel and the remote network network (10.100.xxx.xxx/24 <> 192.168.xxx.xxx/24) on both endpoint.

groliveira18 · Aug 1, 2021, 7:28 PM

This post is deleted!

groliveira18 · Aug 1, 2021, 7:32 PM

@viragomann man, thank you immensely! I had never thought about it from that perspective. Worked perfectly!