OpenVPN Remote Access with IPSec Site to Site


  • Hello all! I'm fairly new to pfSense but have done a good bit with firewalls (not pfSense) in previous positions. So far I'm loving pfSense, but I'm running into an interesting scenario that I'm not quite sure how to set up. I've successfully set up 2 IPSec site-to-site tunnels that are working well. However, I've hit a scenario where I'm a little stumped, and I'm looking for some advice. One of the IPSec VPNs uses NAT-T to NAT our internal /16 range over a single IP (required by the other side due to overlapping IP ranges), and this is working great from the office. I have several users who need remote access, and I am in the process of setting up an OpenVPN remote access VPN. The issue I'm running into is that the virtual IP range I gave it is outside the /16 we're using as our private LAN IP space. I have tested and can authenticate against RADIUS, connect to the office, and ping machines on the local LAN, but since the VPN's IP range isn't part of the LAN, it's not able to be NAT translated over the IPSec tunnel. I'm also not able to hit the public internet from the VPN connection. I'm sure there's something silly I'm missing, but I have spent a few hours reading through forums, looking at the wiki, and beating my head against a wall. Looking for some advice. Thanks in advance.