Netgate Discussion Forum

    IPsec iOS clients - want to access other end of OpenVPN LAN-to-LAN

      dennisharrison

      OpenVPN Site to Site working between my house and my family's house. I'm impressed by the performance and reliability out of such an easy to use and free solution. Since there are now two roaming iPads in the mix - I think the best option is to set up IPsec on one of the pfSenses?

      This will require a different/unique subnet, right?

      So:

      #pfSense1

      • LAN - 192.168.42.0/24
      • OpenVPN - 10.0.42.0/24
      • IPsec - 10.0.43.0/24

      #pfSense2

      • LAN - 192.168.52.0/24
      • OpenVPN - 10.0.52.0/24

      Will I be able to connect an iPad to pfSense1 and be able to reach 192.168.52.*?

      If so, does that mean I will need static routes?

      Thank you for reading this. I'm really just looking for a sanity check. If there is a way to do this in a more 'automatic' way than setting the individual routes - I would love to know, as this has been a really fun learning experience and I want to understand as much of the fundamentals as possible.

      –
      Dennis

        phil.davis

        Should be no trouble. pfSense2 will need to know that there is an extra subnet on pfSense1. In the Advanced of the OpenVPN on pfSense2 you can just put:

        route 10.0.43.0 255.255.255.0
        

        Then it will know how to route to the IPsec subnet.
        Similarly, IPsec settings will need to know that 192.168.52.0/24 on pfSense2 is reached by first going across the IPsec to pfSense1.
        Make sure to add firewall rules to the various VPN interfaces allowing traffic to/from the extra subnets (or maybe you already just have "pass all" rules on your VPN link).
        Then everything should know how to route, reply and not get filtered/dropped.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
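
The routing requirement phil.davis describes, as an added Python sketch that is not part of the original posts: it models each box's VPN routes and traces the request and the reply between an IPsec client and the pfSense2 LAN. The client and server addresses, the "WAN" fallthrough for unmatched traffic and the split-tunnel behaviour on the iPad are assumptions; firewall rules are not modelled.

```python
import ipaddress

# Constructed model of the thread's topology (subnets are the poster's).
IPSEC_POOL, LAN1, LAN2 = "10.0.43.0/24", "192.168.42.0/24", "192.168.52.0/24"

def build_tables(pfsense2_has_ipsec_route, ipsec_covers_lan2):
    """Return {node: [(prefix, next_hop)]}; 'local' means directly attached."""
    t1 = [(LAN1, "local"), (IPSEC_POOL, "local"), (LAN2, "pfSense2")]
    t2 = [(LAN2, "local"), (LAN1, "pfSense1")]
    if pfsense2_has_ipsec_route:  # 'route 10.0.43.0 255.255.255.0' on pfSense2
        t2.append((IPSEC_POOL, "pfSense1"))
    ipad = [(LAN1, "pfSense1")]   # networks the client sends into the tunnel
    if ipsec_covers_lan2:         # IPsec side also lists 192.168.52.0/24
        ipad.append((LAN2, "pfSense1"))
    return {"pfSense1": t1, "pfSense2": t2, "iPad": ipad}

def next_hop(table, dst):
    """Longest-prefix match; 'WAN' (assumed) when no VPN route matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else "WAN"

def trace(tables, start, dst, max_hops=4):
    """Follow next hops from start; return (path, delivered)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop == "local":
            return path, True
        path.append(hop)
        if hop == "WAN":
            return path, False
        node = hop
    return path, False

def round_trip(tables, client_ip="10.0.43.10", server_ip="192.168.52.20"):
    """Request from an IPsec client to the pfSense2 LAN, and the reply back."""
    out_path, out_ok = trace(tables, "iPad", server_ip)
    back_path, back_ok = trace(tables, "pfSense2", client_ip)
    return out_ok and back_ok, out_path, back_path

if __name__ == "__main__":
    for r2, p2 in [(True, True), (False, True), (True, False)]:
        ok, out, back = round_trip(build_tables(r2, p2))
        print(f"pfSense2 route={r2} IPsec lists LAN2={p2}: ok={ok} "
              f"out={'>'.join(out)} back={'>'.join(back)}")
```

With the pfSense2 route missing, the request still arrives at 192.168.52.0/24 but the reply leaves via the default gateway instead of the OpenVPN tunnel, which is the one-way symptom to look for when testing.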

          dennisharrison

          Phil, I just wanted to say thank you.  It was as simple as you suggested.  I've just now had the time/focus to configure and test this properly.  I just wish there was a way to get these darn iDevices to automatically reconnect to the IPsec VPN when turning back on.  I think that's out of the option because I'm using xauth with a pre-shared key, due to my inability to produce a certificate the iPad will accept.  Too bad Apple won't open the API for tunnel management so the OpenVPN project can use it.

          Anyway, thank you Phil - you helped me implement something that makes my life a little easier :)

          –
          Dennis

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.