Netgate Discussion Forum

    Route traffic through multiple site2site VPNs

    • Juffi

      Hello!

      I have 2 sites (192.168.33.1, 192.168.44.1) which are connected through an OpenVPN Site2Site VPN.

      Clients from Site1 (192.168.33.1) can reach server 10.0.10.10 through IPsec Site2Site
      Firewall of Site2 (192.168.44.1) can ping server 10.0.10.10
      Clients of Site2 can't ping server 10.0.10.10

      Network plan:

      network-plan.png

      Firewall Rules 192.168.44.1: LAN and OpenVPN: everything allowed

      So why can the firewall ping the server but not the clients behind the firewall? What have I forgotten?

      Thanks a lot!

      • viragomann @Juffi

        @juffi
        Did you configure the VPN routing properly?

        You have to add an additional IPSec phase 2 for the network at site 2 and that one behind the IPSec.
        So at site 1:
        local: 192.168.44.0/24
        remote: 10.0.10.0/24
        and at the other site the other way around.

        And at site 2 you have to add the remote network behind the IPSec 10.0.10.0/24 to the "Remote Networks" in the OpenVPN config to route traffic to site 1.

        • Juffi @viragomann

          @viragomann Thanks a lot! For the IPsec tunnel I configured the OpenVPN tunnel network address and not the local network of the site (192.168.44.1).
          Thanks a lot!

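Added example, not part of the thread or of pfSense: a small Python model of the two checks discussed above (site 2's OpenVPN "Remote Networks" and site 1's IPsec phase 2 selectors), showing why the firewall's ping passed while LAN clients failed. The OpenVPN tunnel network `10.8.0.0/24`, the /24 mask for site 1, the sample source addresses, and the assumption that the firewall pings from its tunnel address are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Networks named in the thread; OVPN_TUNNEL and the site 1 mask are assumptions.
SITE1_LAN = "192.168.33.0/24"
SITE2_LAN = "192.168.44.0/24"
SERVER_NET = "10.0.10.0/24"
OVPN_TUNNEL = "10.8.0.0/24"  # assumed, not given in the thread
SERVER = "10.0.10.10"

# Site 1 IPsec phase 2 entries as (local, remote) pairs.
# BEFORE: the tunnel network was entered instead of the site 2 LAN.
BEFORE = [(SITE1_LAN, SERVER_NET), (OVPN_TUNNEL, SERVER_NET)]
# AFTER: the additional phase 2 from the answer (local 192.168.44.0/24).
AFTER = BEFORE + [(SITE2_LAN, SERVER_NET)]
# Site 2 OpenVPN "Remote Networks", assumed to already include the server net.
REMOTE_NETS = [SITE1_LAN, SERVER_NET]

def p2_match(phase2, src, dst):
    """Return the first (local, remote) selector pair covering src -> dst, else None."""
    for local, remote in phase2:
        if ip_address(src) in ip_network(local) and ip_address(dst) in ip_network(remote):
            return (local, remote)
    return None

def ovpn_routes(dst, remote_networks):
    """True if dst falls in a network that site 2 routes into the OpenVPN tunnel."""
    return any(ip_address(dst) in ip_network(n) for n in remote_networks)

def reaches_server(src, dst, remote_networks, phase2):
    """Traffic from site 2 needs both the OpenVPN route and a matching phase 2."""
    return ovpn_routes(dst, remote_networks) and p2_match(phase2, src, dst) is not None

if __name__ == "__main__":
    sources = {"site 2 firewall (tunnel address)": "10.8.0.2",  # constructed
               "site 2 LAN client": "192.168.44.50"}            # constructed
    for label, p2 in (("before", BEFORE), ("after", AFTER)):
        for name, src in sources.items():
            ok = reaches_server(src, SERVER, REMOTE_NETS, p2)
            result = "pass" if ok else "no matching phase 2"
            print(f"{label:7}{name:34}{src:15} -> {SERVER}: {result}")
```

The model covers only the forward direction; the mirrored phase 2 on the far side of the IPsec tunnel is needed for the replies.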