Allowing OpenVPN C2S Users to go across Site 2 Site IPSEC VPN
-
Hey everyone, I am trying to get set on the correct path of how to set up routing with external Client 2 Site VPN users being able to go over a site to site to reach other locations.
Current Setup: 2 physical locations both with pfSense Boxes. IPSEC Site to Site connects them together and then each location also has Client 2 Site OpenVPN setup as well.
The client asked if we are able to allow OpenVPN traffic to cross the site 2 site VPN. That would solve the issue of having to keep jumping on and off the 2 different location C2S VPNs to access resources at the location they want.
I am trying to rack my head on how to do this, as right now from Location 2, if I try to get the route to 192.168.1.1 (Location 1 pfSense), it wants to go over the WAN; nothing really specifies the Site to Site VPN, if that makes sense.
Looking at adding static routes, nothing makes sense on how to send it across the S2S VPN.
Any help would be appreciated.
-
@wspence
Yeah, it's not expected to see any route for an IPSec P2P with traditional phase 2.
The IPSec Status page shows if the connection is established properly. And if you can reach the other site everything should be fine.
To give the OpenVPN users access to the remote sites you have to add two P2 to each site:
On location 1:
P2-2:
local network: 10.10.10.0/24
remote: 192.168.11.0/24 (I guess)
P2-3:
local network: 192.168.1.0/24
remote: 10.10.50.0/24
loc 2:
P2-2:
local network: 192.168.11.0/24
remote: 10.10.10.0/24
P2-3:
local network: 10.10.50.0/24
remote: 192.168.1.0/24
Also to the OpenVPN access Servers you have to add the remote network to the "IPv4 Local Network/s" on both sites:
loc 1 / 2:
IPv4 Local Network/s: 192.168.1.0/24,192.168.11.0/24
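An added example, not part of the reply above: a small Python check that the Phase 2 entries listed for both sites mirror each other and that a flow from an OpenVPN client is covered by a selector in both directions. P2-1 (LAN to LAN) and the sample host addresses are assumptions; P2-2 and P2-3 are taken from the reply.

```python
import ipaddress as ip

# Phase 2 selectors as (name, local, remote). P2-2 and P2-3 are the entries
# from the reply above; P2-1 (LAN to LAN) is an assumed pre-existing entry.
LOC1 = [
    ("P2-1", "192.168.1.0/24", "192.168.11.0/24"),   # assumed existing
    ("P2-2", "10.10.10.0/24", "192.168.11.0/24"),
    ("P2-3", "192.168.1.0/24", "10.10.50.0/24"),
]
LOC2 = [
    ("P2-1", "192.168.11.0/24", "192.168.1.0/24"),   # assumed existing
    ("P2-2", "192.168.11.0/24", "10.10.10.0/24"),
    ("P2-3", "10.10.50.0/24", "192.168.1.0/24"),
]

def match(p2s, src, dst):
    """Return the name of the first P2 whose selectors cover src -> dst, else None."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for name, local, remote in p2s:
        if s in ip.ip_network(local) and d in ip.ip_network(remote):
            return name
    return None

def unmirrored(site_a, site_b):
    """Names of P2 entries on site_a with no swapped local/remote twin on site_b."""
    twins = {(ip.ip_network(r), ip.ip_network(l)) for _, l, r in site_b}
    return [n for n, l, r in site_a
            if (ip.ip_network(l), ip.ip_network(r)) not in twins]

def round_trip(near, far, src, dst):
    """(outbound P2 on near site, return P2 on far site); None means not tunneled."""
    return match(near, src, dst), match(far, dst, src)

if __name__ == "__main__":
    # Both lists should print empty: every selector has its mirror.
    print(unmirrored(LOC1, LOC2), unmirrored(LOC2, LOC1))
    # Constructed sample hosts: OpenVPN client on loc 1 -> host on loc 2 LAN.
    print(round_trip(LOC1, LOC2, "10.10.10.6", "192.168.11.20"))
    # With only the assumed LAN-to-LAN P2, the same flow matches no selector.
    print(round_trip(LOC1[:1], LOC2[:1], "10.10.10.6", "192.168.11.20"))
```

A `None` in either position means that direction is not carried by the tunnel, which is the situation described in the question before the extra P2 entries exist.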