OpenVPN client does not see IPSEC network



  • Hello,
    I have more locations connect true IPSEC tunnel.
    In a main location I have more VLAN and OpenVPN server for mobile client.
    I need for specific client to see true OpenVPN tunnel IPSEC network (192.168.2.0/24)
    Config for OpenVNP client is:
    push "route 192.168.1.0 255.255.255.0";
    push "route 192.168.100.0 255.255.255.0";
    push "route 192.168.2.0 255.255.255.0";

    With this configuration works main network 192.168.1.0/24 VLAN network 192.168.100.0/24 but not working with IPSEC network 192.168.2.0/24

    What is wrong and what do I have setup ?

    Here is pictures how it looks.
    https://dl.dropbox.com/u/4490259/slika/network2.PNG


  • Rebel Alliance Developer Netgate

    You need to include the OpenVPN subnet in your Phase 2 networks for the IPsec tunnels. You need an entry on each side, as you have now for your existing LAN, but for the OpenVPN subnet.



  • Hello,
    I add new subnet in  Phase 2 IPSEC for OPENVPN 192.168.200.0/24 but still don`t work
    IP address for OPENVPN server is 192.168.200.1, but I can not ping from other IPSEC site 192.168.10.0/24.

    As well as the status IPSEC show it is not connected.
    What is wrong ?

    https://dl.dropbox.com/u/4490259/slika/IPSEC.PNG



  • could you or anybody  solve this issue ?

    I have a similar problem.

    Regards.



  • Don't know if this is related or not but I was setting up OpenVPN due to my issues with speed with IPsec tunnels, you can read about them here http://forum.pfsense.org/index.php/topic,62457.0.html. Anyway I setup the OpenVPN and I was not getting communication from site to site even though I was absolutely sure I set it up correctly. After further inspection I was that I still had the IPsec configuration still setup for the remote site. This got me thinking, and I would love some clarification from anyone who knows for sure:

    IPsec has a lower cost than OpenVPN, in other words IPsec routes are preferred over OpenVPN?

    How about other VPN technologies that Pfsense supports, what are the order in which they will be used? Maybe this is your problem? Once you add the OpenVPN interface to your IPsec, you may then need to add a static route to use the IPsec tunnel?

    I know that it's not a good idea to have multiple tunnels going to the same site, but this is just good to know in the future for trouble shooting purposes.


Locked