OpenVPN client does not see IPSEC network
I have several locations connected through an IPSEC tunnel.
In the main location I have several VLANs and an OpenVPN server for mobile clients.
I need a specific client to see the IPSEC network (192.168.2.0/24) through the OpenVPN tunnel.
Config for the OpenVPN client is:
push "route 192.168.1.0 255.255.255.0";
push "route 192.168.100.0 255.255.255.0";
push "route 192.168.2.0 255.255.255.0";
With this configuration, the main network 192.168.1.0/24 and the VLAN network 192.168.100.0/24 work, but the IPSEC network 192.168.2.0/24 does not.
What is wrong and what do I have to set up?
Here are pictures of how it looks.
You need to include the OpenVPN subnet in your Phase 2 networks for the IPsec tunnels. You need an entry on each side, as you have now for your existing LAN, but for the OpenVPN subnet.
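The selector matching described in the reply above, as an added example that is not part of the original thread: it checks whether a flow from an OpenVPN client is covered by a Phase 2 entry on both ends. The Phase 2 tables, host addresses and function names are constructed for illustration; only the subnets come from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed Phase 2 tables, written as (local subnet, remote subnet) pairs.
# Subnets are the ones named in the thread; the tables themselves are assumed.
MAIN_P2 = [("192.168.1.0/24", "192.168.2.0/24")]
REMOTE_P2 = [("192.168.2.0/24", "192.168.1.0/24")]
OVPN_P2 = ("192.168.200.0/24", "192.168.2.0/24")  # entry the reply asks for


def covered(p2_entries, src, dst):
    """True if a packet src -> dst matches one (local, remote) selector."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(loc) and d in ip_network(rem)
               for loc, rem in p2_entries)


def flow_status(main_p2, remote_p2, src, dst):
    """Classify a flow leaving the main site toward the remote site."""
    out_ok = covered(main_p2, src, dst)
    back_ok = covered(remote_p2, dst, src)  # remote needs the mirrored entry
    if out_ok and back_ok:
        return "ok"
    if out_ok:
        return "missing on remote side"
    if back_ok:
        return "missing on main side"
    return "missing on both sides"


def unmirrored(main_p2, remote_p2):
    """Main-side entries that have no swapped counterpart on the remote."""
    remote = {(ip_network(l), ip_network(r)) for l, r in remote_p2}
    return [(l, r) for l, r in main_p2
            if (ip_network(r), ip_network(l)) not in remote]


if __name__ == "__main__":
    # Constructed host addresses inside the thread's subnets.
    client, lan_host, target = "192.168.200.6", "192.168.1.20", "192.168.2.10"
    print(flow_status(MAIN_P2, REMOTE_P2, lan_host, target))
    print(flow_status(MAIN_P2, REMOTE_P2, client, target))
    one_side = MAIN_P2 + [OVPN_P2]
    print(flow_status(one_side, REMOTE_P2, client, target),
          unmirrored(one_side, REMOTE_P2))
    both = REMOTE_P2 + [(OVPN_P2[1], OVPN_P2[0])]
    print(flow_status(one_side, both, client, target))
```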
I added a new subnet in Phase 2 IPSEC for OPENVPN, 192.168.200.0/24, but it still doesn't work.
The IP address of the OPENVPN server is 192.168.200.1, but I cannot ping from the other IPSEC site 192.168.10.0/24.
Also, the IPSEC status shows it is not connected.
What is wrong?
Could you or anybody solve this issue?
I have a similar problem.
Don't know if this is related or not, but I was setting up OpenVPN due to my issues with speed with IPsec tunnels; you can read about them here: http://forum.pfsense.org/index.php/topic,62457.0.html. Anyway, I set up the OpenVPN and I was not getting communication from site to site even though I was absolutely sure I set it up correctly. After further inspection I saw that I still had the IPsec configuration set up for the remote site. This got me thinking, and I would love some clarification from anyone who knows for sure:
IPsec has a lower cost than OpenVPN, in other words IPsec routes are preferred over OpenVPN?
How about other VPN technologies that pfSense supports, what is the order in which they will be used? Maybe this is your problem? Once you add the OpenVPN interface to your IPsec, you may then need to add a static route to use the IPsec tunnel?
I know that it's not a good idea to have multiple tunnels going to the same site, but this is just good to know in the future for troubleshooting purposes.