Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPsec iOS clients - want to access other end of OpenVPN LAN-to-LAN

    OpenVPN
    2
    3
    1756
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dennisharrison last edited by

      OpenVPN Site to Site working between my house and my family's house. I'm impressed by the performance and reliability out of such an easy to use and free solution. Since there are now two roaming iPads in the mix - I think the best option, is to setup IPsec on one of the pfSenses?

      This will require a different/unique subnet,  right?

      So:

      #pfSense1

      • LAN - 192.168.42.0/24
      • OpenVPN - 10.0.42.0/24
      • IPsec - 10.0.43.0/24

      #pfSense2

      • LAN - 192.168.52.0/24
      • OpenVPN - 10.0.52.0/24

      Will I be able to connect an iPad to pfSense1 and be able to reach 192.168.52.*?

      If so, does that mean I will need static routes?

      Thank you for reading this. I'm really just looking for a sanity check. If there is a way to do this in a more 'automatic' way than setting the individual routes - I would love to know, as this has been a really fun learning experience and I want to understand as much of the fundamentals as possible.

      –
      Dennis

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis last edited by

        Should be no trouble. pfSense2 will need to know that there is an extra subnet on pfSense1. In the Advanced of the OepnVPN on pfSense2 you can just put:

        route 10.0.43.0 255.255.255.0

        Then it will know how to route to the IPsec subnet.
        Similarly, IPsec settings will need to know that 192.168.52.0/24 on pfSense2 is reached by first going across the IPsec to pfSense1.
        Make sure to add firewall rules to the various VPN interfaces allowing traffic to/from the extra subnets (or maybe you already just have "pass all" rules on your VPN link).
        Then everything should know how to route, reply and not get filtered/dropped.

        1 Reply Last reply Reply Quote 0
        • D
          dennisharrison last edited by

          Phil, I just wanted to say thank you.  It was as simple as you suggested.  I've just now had the time/focus to configure and test this properly.  I just wish there was a way to get these darn iDevices to automatically reconnect to the IPsec VPN when turning back on.  I think that's out of the option because I'm using xauth with a pre-shared key, due to my inability to produce a certificate the iPad will accept.  Too bad Apple won't open the API for tunnel management so the OpenVPN project can use it.

          Anyway, thank you Phil - you helped me implement something that makes my life a little easier :)

          –
          Dennis

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy