Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN client does not see IPSEC network

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 4 Posters 3.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bosko
      last edited by

      Hello,
      I have more locations connect true IPSEC tunnel.
      In a main location I have more VLAN and OpenVPN server for mobile client.
      I need for specific client to see true OpenVPN tunnel IPSEC network (192.168.2.0/24)
      Config for OpenVNP client is:
      push "route 192.168.1.0 255.255.255.0";
      push "route 192.168.100.0 255.255.255.0";
      push "route 192.168.2.0 255.255.255.0";

      With this configuration works main network 192.168.1.0/24 VLAN network 192.168.100.0/24 but not working with IPSEC network 192.168.2.0/24

      What is wrong and what do I have setup ?

      Here is pictures how it looks.
      https://dl.dropbox.com/u/4490259/slika/network2.PNG

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        You need to include the OpenVPN subnet in your Phase 2 networks for the IPsec tunnels. You need an entry on each side, as you have now for your existing LAN, but for the OpenVPN subnet.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • B
          bosko
          last edited by

          Hello,
          I add new subnet in  Phase 2 IPSEC for OPENVPN 192.168.200.0/24 but still don`t work
          IP address for OPENVPN server is 192.168.200.1, but I can not ping from other IPSEC site 192.168.10.0/24.

          As well as the status IPSEC show it is not connected.
          What is wrong ?

          https://dl.dropbox.com/u/4490259/slika/IPSEC.PNG

          1 Reply Last reply Reply Quote 0
          • L
            lap
            last edited by

            could you or anybody  solve this issue ?

            I have a similar problem.

            Regards.

            1 Reply Last reply Reply Quote 0
            • M
              mikeisfly
              last edited by

              Don't know if this is related or not but I was setting up OpenVPN due to my issues with speed with IPsec tunnels, you can read about them here http://forum.pfsense.org/index.php/topic,62457.0.html. Anyway I setup the OpenVPN and I was not getting communication from site to site even though I was absolutely sure I set it up correctly. After further inspection I was that I still had the IPsec configuration still setup for the remote site. This got me thinking, and I would love some clarification from anyone who knows for sure:

              IPsec has a lower cost than OpenVPN, in other words IPsec routes are preferred over OpenVPN?

              How about other VPN technologies that Pfsense supports, what are the order in which they will be used? Maybe this is your problem? Once you add the OpenVPN interface to your IPsec, you may then need to add a static route to use the IPsec tunnel?

              I know that it's not a good idea to have multiple tunnels going to the same site, but this is just good to know in the future for trouble shooting purposes.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.