OpenVPN client does not see IPSEC network

  • Hello,
    I have more locations connect true IPSEC tunnel.
    In a main location I have more VLAN and OpenVPN server for mobile client.
    I need for specific client to see true OpenVPN tunnel IPSEC network (
    Config for OpenVNP client is:
    push "route";
    push "route";
    push "route";

    With this configuration works main network VLAN network but not working with IPSEC network

    What is wrong and what do I have setup ?

    Here is pictures how it looks.

  • Rebel Alliance Developer Netgate

    You need to include the OpenVPN subnet in your Phase 2 networks for the IPsec tunnels. You need an entry on each side, as you have now for your existing LAN, but for the OpenVPN subnet.

  • Hello,
    I add new subnet in  Phase 2 IPSEC for OPENVPN but still don`t work
    IP address for OPENVPN server is, but I can not ping from other IPSEC site

    As well as the status IPSEC show it is not connected.
    What is wrong ?

  • could you or anybody  solve this issue ?

    I have a similar problem.


  • Don't know if this is related or not but I was setting up OpenVPN due to my issues with speed with IPsec tunnels, you can read about them here,62457.0.html. Anyway I setup the OpenVPN and I was not getting communication from site to site even though I was absolutely sure I set it up correctly. After further inspection I was that I still had the IPsec configuration still setup for the remote site. This got me thinking, and I would love some clarification from anyone who knows for sure:

    IPsec has a lower cost than OpenVPN, in other words IPsec routes are preferred over OpenVPN?

    How about other VPN technologies that Pfsense supports, what are the order in which they will be used? Maybe this is your problem? Once you add the OpenVPN interface to your IPsec, you may then need to add a static route to use the IPsec tunnel?

    I know that it's not a good idea to have multiple tunnels going to the same site, but this is just good to know in the future for trouble shooting purposes.

Log in to reply