OpenVPN interface to IPSEC with Phase2 NAT/BINAT Routing Help
-
Hardware is a Netgate 2100, pfSense 23.09.1-RELEASE (arm64).
I have a working IPSEC tunnel with a Phase2 as follows:
Local Network 10.22.143.96/28
NAT/BINAT translation 10.22.143.96/28
Remote Network 10.33.64.227/27
I can ssh from OPT1 to LAN, then ssh from LAN to OPT4.
I want my OpenVPN connection/interface (OPT1) 192.168.245.0/24 to have RDS connectivity to a machine I have placed in the IPSEC interface (OPT4).
Default "any" rules exist, but I did have to enable 802.1q VLAN mode.
Diags that might help:
From Windows, connected via OpenVPN:
Tracing route to 10.22.143.53 over a maximum of 30 hops
1 3 ms 3 ms 5 ms 10.0.0.1
2 * * * Request timed out.
Tracing route to 10.254.1.54 over a maximum of 30 hops
1 20 ms 25 ms 20 ms 192.168.245.1
2 27 ms 19 ms 20 ms 10.254.1.54
On LAN machine 10.254.1.54:
traceroute to 10.22.143.53 (10.22.143.53), 30 hops max, 60 byte packets
1 _gateway (10.254.1.1) 0.228 ms 0.246 ms 0.269 ms
2 10.22.143.53 (10.22.143.53) 1.053 ms !X 1.066 ms !X 1.078 ms !X
Using ssh for now, but I assume if I get ssh to work RDS will work, as I am using protocol any for now.
Any help is appreciated.
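The two traces quoted above say different things: the Windows hop shows no reply at all, while the LAN trace gets `!X` back from the target, which is ICMP "communication administratively prohibited" and points at a firewall reject rule rather than a missing route. The parser below, an added example that is not part of the original post, pulls that distinction out of tracert/traceroute output; the sample text is constructed from the lines quoted in the thread and the function names are this example's own.

```python
"""Parse tracert/traceroute output and flag hops that indicate a firewall
rejection (!X) versus a silent drop or routing gap (* * *).
Samples are constructed from the thread; helper names are this example's own."""
import re

# Constructed sample: Windows tracert from the OpenVPN client.
WINDOWS_TRACE = """\
Tracing route to 10.22.143.53 over a maximum of 30 hops
  1     3 ms     3 ms     5 ms  10.0.0.1
  2     *        *        *     Request timed out.
"""

# Constructed sample: Linux traceroute from the LAN machine 10.254.1.54.
LINUX_TRACE = """\
traceroute to 10.22.143.53 (10.22.143.53), 30 hops max, 60 byte packets
 1  _gateway (10.254.1.1)  0.228 ms  0.246 ms  0.269 ms
 2  10.22.143.53 (10.22.143.53)  1.053 ms !X  1.066 ms !X  1.078 ms !X
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # leading hop number
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")  # first IPv4 on the line

def parse_hops(text):
    """Return (hop, address, verdict) for each hop line in a trace."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line, not a hop
        hop, rest = int(m.group(1)), m.group(2)
        ip = IP_RE.search(rest)
        addr = ip.group(1) if ip else None
        if "!X" in rest:
            # ICMP "communication administratively prohibited": the replying
            # address rejected the probe with a firewall rule, so the route
            # itself works and the block is a rules problem.
            verdict = "admin-prohibited"
        elif addr is None and "*" in rest:
            # No reply at all: silently dropped, or no return route exists.
            verdict = "no-response"
        else:
            verdict = "ok"
        hops.append((hop, addr, verdict))
    return hops

def first_problem(text):
    """Return the first hop whose verdict is not 'ok', or None."""
    return next((h for h in parse_hops(text) if h[2] != "ok"), None)
```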
-
@edgewater said in OpenVPN interface to IPSEC with Phase2 NAT/BINAT Routing Help:
I have a working IPSEC tunnel with a Phase2 as follows:
Local Network 10.22.143.96/28
NAT/BINAT translation 10.22.143.96/28
Remote Network 10.33.64.227/27
I can ssh from OPT1 to LAN, then ssh from LAN to OPT4.
I want my OpenVPN connection/interface (OPT1) 192.168.245.0/24 to have RDS connectivity to a machine I have placed in the IPSEC interface (OPT4).
So add a phase 2 to connect the subnets.
And in the OpenVPN server settings add the remote subnet to the "local networks" to push the routes.
-
@viragomann Thanx! You made me look at the "local networks" setting in the OpenVPN configuration, and I had the subnet mask incorrect for the OPT4 interface: /24 instead of /28. So now, connecting via OpenVPN, I have access to IPSEC interface machines with IP addresses of .97 to .110. I have two Phase2 objects on the IPSEC tunnel for two different subnet machines, and they have been working fine being accessed from the 10.22.143.96/28 subnet. No changes or additions there. Data is flowing.