Route OpenVPN traffic through IPSec Tunnel
-
I have three sites all connected by IPSec tunnels.
SiteA - 172.16.0.0/24
SiteB - 10.8.5.0/24
SiteC - 10.15.10.0/24
From any of these sites I can ping and connect services from one to the other two just fine. However we now have a bunch of new staff that are out on the road and need to have access. The CEO has required that we use OpenVPN for this project.
SiteB has the OpenVPN server configured on it. Users are able to connect just fine, but we seem unable, no matter how much I google, to get it to route traffic to siteA and siteC.
I found a guide that was close to what I need to do at https://wpcomputersolutions.com/pfsense-openvpn-to-work-through-ipsec-vpn/. Not sure if I am missing something but I am struggling.
I added a P2 at siteA and siteC. It is set up with the local network being network and using the respective site's network (A 172.16.0.0/24 and C 10.15.10.0/24), then changing the remote network to network and adding the OpenVPN network (10.100.100.0/24).
On siteB I added a P2 for SiteA by changing the Local Network to Network and adding the OpenVPN network (10.100.100.0/24) and making sure that the Remote Network was set to network with SiteA Network (172.16.0.0/24). I then added a P2 for siteC by changing the Local Network to Network and adding the OpenVPN network (10.100.100.0/24) and making sure that the Remote Network was set to network with siteC Network (10.15.10/24).
I then went to the OpenVPN settings and in the IPv4 Local Networks I added the following
172.16.0.0/24,10.8.5.0/24,10.15.10.0/24
I have also tried to use the advanced command section of OpenVPN with:
push "route 172.16.0.0 255.255.255.0"; push "route 10.8.5.0 255.255.255.0"; push "route 10.15.10.0 255.255.255.0";
I can see the routes on the local machine and in the IPSec SPDs. I even went so far as to set the firewall rules to be open from any to any and any protocols. I am able to ping and connect to everything at siteB but I get nothing for siteA or siteC. I have also rebooted all three pfSense appliances multiple times.
-
@joshopkins
Seems all the settings you did are correct, apart from the push-route commands in the default options. These do the same as the "local networks" setting does, which is the preferred way. You shouldn't have both settings. Ensure that the access is allowed by rules on all incoming interfaces. That means on the OpenVPN interface at B and on the IPSec of A and C.
To see what's going on, sniff the traffic on the involved interfaces, while you try to access a remote IP from an OpenVPN client.
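As an added illustration (not from the thread and not pfSense's own code), the Python below models the phase-2 selectors the question describes and checks a client-to-site flow in both directions, which is what the reply's advice to sniff each hop is really testing. It assumes a simplified SPD where a packet is encapsulated only if some (local, remote) selector pair covers it; the site names, addresses, the OPENVPN_LOCAL_NETS list and the openvpn_p2_at switch are constructed from the post.

```python
from ipaddress import ip_address, ip_network

# Constructed from the thread: the three site LANs and the OpenVPN tunnel net.
OPENVPN_NET = "10.100.100.0/24"
SITES = {"A": "172.16.0.0/24", "B": "10.8.5.0/24", "C": "10.15.10.0/24"}
# What the poster put in the OpenVPN server's "IPv4 Local Networks" field.
OPENVPN_LOCAL_NETS = ["172.16.0.0/24", "10.8.5.0/24", "10.15.10.0/24"]

def build_p2(openvpn_p2_at=("A", "B", "C")):
    """Phase-2 selectors per site as (local_net, remote_net, peer_site).
    openvpn_p2_at lists the sites where the extra OpenVPN P2 was added,
    so a half-finished setup can be simulated by leaving a site out."""
    p2 = {s: [] for s in SITES}
    for s in SITES:                       # the original site-to-site P2s
        for t in SITES:
            if s != t:
                p2[s].append((SITES[s], SITES[t], t))
    for t in ("A", "C"):                  # the P2s carrying OpenVPN traffic
        if "B" in openvpn_p2_at:
            p2["B"].append((OPENVPN_NET, SITES[t], t))   # local = OpenVPN net
        if t in openvpn_p2_at:
            p2[t].append((SITES[t], OPENVPN_NET, "B"))   # remote = OpenVPN net
    return p2

def selector_matches(entries, src, dst, peer):
    """True if some (local, remote, peer) selector covers src -> dst."""
    src, dst = ip_address(src), ip_address(dst)
    return any(src in ip_network(l) and dst in ip_network(r) and p == peer
               for l, r, p in entries)

def check_path(p2, client_ip, target_ip):
    """Walk one client -> site flow. Returns (route_pushed, fwd_ok, reply_ok):
    the client needs a route for the target (pushed from Local Networks),
    B needs a selector OpenVPN net -> site, and the site needs the mirrored
    selector site -> OpenVPN net or its replies are never encapsulated."""
    target = ip_address(target_ip)
    site = next(s for s, n in SITES.items() if target in ip_network(n))
    routed = any(target in ip_network(n) for n in OPENVPN_LOCAL_NETS)
    if site == "B":                       # B's own LAN never enters IPsec
        return routed, True, True
    fwd = selector_matches(p2["B"], client_ip, target_ip, site)
    reply = selector_matches(p2[site], target_ip, client_ip, "B")
    return routed, fwd, reply

if __name__ == "__main__":
    full = build_p2()
    print(check_path(full, "10.100.100.6", "172.16.0.10"))   # (True, True, True)
    half = build_p2(openvpn_p2_at=("B",))                    # A/C never got their P2
    print(check_path(half, "10.100.100.6", "10.15.10.20"))   # (True, True, False)
```

A False in the third position means the packet leaves B encrypted but the far site has no selector for the reply, which is exactly the one-way symptom a capture on the remote site's IPsec interface would show.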