PKI Road Warriors unable to cross Site-to-Site tunnel

  • Hello,

    I have a PKI OpenVPN server set up for road warriors to connect in.  I also have a site-to-site tunnel established between two offices.  However, I'm unable to get the road warrior clients to connect to the remote office after VPNing in.  Also, I can't get the remote users at the remote office to be able to ping the road warriors coming in.  I'm aiming for full connectivity between everyone, regardless of whether they're connected via site-to-site or as a road warrior.

    I'm able to accomplish this with a bridged VPN but they don't scale well for the application I'm working on.  (13 locations, 300+ users, multiple road warriors).  I tried making the other end of the site-to-site work like a road warrior but I got similar results.  The odd thing is, the server here at the main location (hosting the site-to-site and the road warriors) can connect to everything.

    Is there some firewalling going on I need to fix?  Is it because traffic is being NAT'd?  Does anyone have a better way to set this up?  Let me know, please.

  • I've had a friend help figure this one out.  What we had to do was use iroute in conjunction with the route command.  We now have a working PKI VPN infrastructure where all remote locations and the local office are fully connected.  (Can ping from anywhere to anything).

    If you're having issues, try looking at the ccd directory and the iroute/route directives.
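The fix the poster describes, written out as an added example (not the poster's own configuration). Addressing is assumed: the main office LAN is 10.1.0.0/24, the remote office LAN is 10.2.0.0/24, the tunnel pool is 10.8.0.0/24, and the remote office gateway connects with a client certificate whose CN is `remote-office-gw`; all four are placeholders. The point to notice is that a plain `route` only teaches the server's kernel to hand packets for 10.2.0.0/24 to the tun interface, while `iroute` in the per-client ccd file teaches the OpenVPN process which connected client actually owns that subnet. Without the `iroute`, the server drops road-warrior packets destined for the remote office, and without `client-to-client` those packets never reach the other client at all.

```conf
# --- server.conf on the main-office OpenVPN server (added example, assumed addressing) ---
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem

# Tunnel pool handed to road warriors and to the remote-office gateway.
server 10.8.0.0 255.255.255.0

# Per-client configuration lives in ccd/<certificate CN>.
client-config-dir ccd

# Kernel route: the server's own kernel must send 10.2.0.0/24 into the tun
# interface. On its own this is NOT enough; see the iroute below.
route 10.2.0.0 255.255.255.0

# Routes pushed to every client: the main-office LAN and the remote-office LAN.
push "route 10.1.0.0 255.255.255.0"
push "route 10.2.0.0 255.255.255.0"

# Let clients talk to each other through the OpenVPN process itself instead of
# bouncing through the kernel, where forwarding rules and NAT get in the way.
client-to-client

keepalive 10 120
persist-key
persist-tun

# --- ccd/remote-office-gw (file name must equal the gateway's certificate CN) ---
# Internal route: tell OpenVPN that this connected client is the owner of
# 10.2.0.0/24, so traffic from road warriors is forwarded to it rather than dropped.
iroute 10.2.0.0 255.255.255.0

# Do not push the remote office its own LAN as a VPN route (that would clash with
# its directly connected 10.2.0.0/24); give it only the main-office route instead.
push-reset
push "route 10.1.0.0 255.255.255.0"
```

Two checks worth making after applying something like this: IP forwarding must be enabled on both the server and the remote-office gateway, with forwarding permitted between the tun interface and the LAN interface in the firewall; and hosts on each LAN need a return path, i.e. a route for 10.8.0.0/24 and the far-side LAN pointing at their local VPN box (or the VPN box must be their default gateway). If pings from the remote office to road warriors still fail while the reverse direction works, the missing piece is almost always that return route on the remote LAN, not OpenVPN itself.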