Netgate Discussion Forum

OpenVPN unable to access local network when all traffic routed through IPSec

  • karpia8
    last edited by Jun 9, 2024, 10:22 PM

    Hello guys!
    Recently I implemented some changes to pfSense, specifically:
    I set the remote network as 0.0.0.0/0 in the P2 VPN settings for the IPSec tunnel (between pfSense and another firewall).
    It went fine, and now all traffic from the local network is going through the VPN tunnel, so I achieved my goal (I wanted all network traffic from the local subnet on pfSense to the Internet to go through the WAN interface on the firewall on the other side of the IPSec tunnel).

    However, I encountered an issue with OpenVPN. Since the local subnet is reachable from the other side of the VPN tunnel, it is unavailable for the OpenVPN clients connecting directly to pfSense. The VPN is connecting, but it is impossible to reach the local network.

    I checked a packet capture and it seems like there is no response at all from the local network to the OpenVPN client. Also, I checked the logs on the firewall on the other side of the VPN tunnel: no logs indicating the connections from OpenVPN clients there.

    In the diagram below I present the topology. The connection from the OpenVPN client to pfSense is working, but the LAN network behind pfSense is unreachable.

    diagram.drawio.png

    Would you be able to support me in this matter?

    • viragomann @karpia8
      last edited by Jun 10, 2024, 11:11 AM

      @karpia8
      Is this an OpenVPN access server, where 172.20.20.0/24 is the tunnel network?
      If so, I don't expect that there is any impact due to the IPSec settings.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.