OpenVPN routing to multiple networks

geyser · Jun 20, 2022, 8:03 AM

I have 3 sites, they are all linked using IPsec. Traffic flows perfectly between any of the sites.

Today I added a roaming laptop using OpenVPN, I set it to route all traffic over the OpenVPN link when connected.

From my OpenVPN laptop I can connect to anything on 192.168.3.0 or the Internet through the 192.168.3.0 connection to the Internet.

I assumed since I was connected to the 192.168.3.0 network, it would also route to my other two networks over their site-2-site connections.... but it seems I can't connect to anything on those two networks.

I could create VPN links into those networks, but seems silly since I already have a connection to the private network. Should I be able to connect and something is not routing correctly? Or am I just mistaken and it can't do that?

viragomann · Jun 20, 2022, 10:47 AM

@geyser
You have to add a phase 2 to each site-to-site IPSec for connecting the remote network with the OpenVPN tunnel network.

geyser · Jun 20, 2022, 12:02 PM

@viragomann Ah! That makes sense the remote networks would not know where to send the traffic back to at this point.

I will test it out and see if I can get it working, thanks.

geyser · Jun 20, 2022, 11:51 PM

@viragomann Confirmed you were correct!

Adding a 2nd Phase 2 rule at both ends tells it where to send the traffic and it works perfectly.

Thanks for the tip!