Netgate Discussion Forum

    Allowing OpenVPN C2S Users go across Site 2 Site IPSEC VPN

      wspence

      Hey everyone, I am trying to get set on the correct path of how to set up routing with external Client 2 Site VPN users being able to go over a site to site to reach other locations.

      Current Setup: 2 physical locations both with pfSense Boxes. IPSEC Site to Site connects them together and then each location also has Client 2 Site OpenVPN setup as well.


      The client asked whether we are able to allow OpenVPN traffic to cross the site 2 site VPN. That would solve the issue of having to keep jumping on and off the 2 different location C2S VPNs to access resources at the location they want.

      I am trying to rack my head on how to do this, as right now from Location 2, if I try to get the route to 192.168.1.1 (Location 1 pfSense), it wants to go over the WAN; nothing really specifies the Site to Site VPN, if that makes sense.

      Looking at adding static routes, nothing makes sense on how to send it across the S2S VPN.

      Any help would be appreciated.

        viragomann @wspence

        @wspence
        Yeah, it's not expected to see any route for an IPSec P2P with traditional phase 2.
        The IPSec Status page shows if the connection is established properly. And if you can reach the other site everything should be fine.

        To give the OpenVPN users access to the remote sites you have to add two P2 to each site:

        On location 1:
        P2-2:
        local network: 10.10.10.0/24
        remote: 192.168.11.0/24 (I guess)
        P2-3:
        local network: 192.168.1.0/24
        remote: 10.10.50.0/24

        loc 2:
        P2-2:
        local network: 192.168.11.0/24
        remote: 10.10.10.0/24
        P2-3:
        local network: 10.10.50.0/24
        remote: 192.168.1.0/24

        Also to the OpenVPN access Servers you have to add the remote network to the "IPv4 Local Network/s" on both sites:

        loc 1 / 2:
        IPv4 Local Network/s: 192.168.1.0/24,192.168.11.0/24

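Added example, not part of either post: a Python check of the phase 2 layout from the reply above. With traditional (policy-based) phase 2, a packet enters the tunnel only if its source and destination fall inside a P2 local/remote pair, and each pair needs a swapped counterpart on the other site. The first LAN-to-LAN P2 on each site and the host addresses are assumptions.

```python
import ipaddress as ip

def p2(local, remote):
    """One phase 2 entry as a (local network, remote network) pair."""
    return (ip.ip_network(local), ip.ip_network(remote))

# Entry 0 on each site is the assumed pre-existing LAN-to-LAN P2;
# the other two are the P2-2 / P2-3 entries from the reply above.
LOC1 = [p2("192.168.1.0/24", "192.168.11.0/24"),
        p2("10.10.10.0/24", "192.168.11.0/24"),
        p2("192.168.1.0/24", "10.10.50.0/24")]
LOC2 = [p2("192.168.11.0/24", "192.168.1.0/24"),
        p2("192.168.11.0/24", "10.10.10.0/24"),
        p2("10.10.50.0/24", "192.168.1.0/24")]

def unmirrored(site, peer):
    """P2 entries on `site` that lack a swapped (remote, local) entry on `peer`."""
    swapped = {(remote, local) for local, remote in peer}
    return [entry for entry in site if entry not in swapped]

def matches(p2s, src, dst):
    """True if a packet src -> dst falls inside some P2's local/remote pair."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in local and d in remote for local, remote in p2s)

def reachable(src_site, dst_site, src, dst):
    """Request must match a P2 on the sending site and the reply one on the far site."""
    return matches(src_site, src, dst) and matches(dst_site, dst, src)

if __name__ == "__main__":
    client, server = "10.10.10.5", "192.168.11.20"   # constructed sample hosts
    print("LAN-to-LAN P2 only:", reachable(LOC1[:1], LOC2[:1], client, server))
    print("with P2-2 and P2-3:", reachable(LOC1, LOC2, client, server))
    print("unmirrored on loc 1:", unmirrored(LOC1, LOC2))
```

The listed entries do not cover OpenVPN client to OpenVPN client traffic between the two tunnel networks, so `reachable` returns False for that pair.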