Reach LAN behind OpenVPN and IPSec



  • Hello Community,

    pfSense1 (2.2.5-RELEASE)    <== IPSEC Site-to-Site ==>    pfSense2 (2.2-RELEASE)
    LAN1: 192.168.1.0/24                                      LAN2: 192.168.2.0/24
    OpenVPN Network: 192.168.10.0/24
    

    Description:
    I have two locations with pfSense firewalls in place, connected together with an IPSec tunnel. pfSense1 has an OpenVPN server to allow mobile users to connect to local resources.

    Goal:
    Allow OpenVPN Network to be able to communicate with LAN2 network.

    Issue:
    I am having difficulties in allowing the OpenVPN network to talk to the LAN2 network - the traffic doesn't come back, since pfSense2 doesn't know where the OpenVPN network is (it doesn't have the route for it).
    Since the IPSec tunnel cannot be referenced as a gateway, I'm unable to add a manual route on pfSense2 to the OpenVPN network (so it knows where that network is).
    I was trying to figure out NAT rule(s) to NAT the traffic through the tunnel in some way, but I failed.

    What is the best way to achieve the goal and allow the two networks to talk to each other?
    If NAT is the way to go, could you kindly give an example of a NAT rule based on the example network information from above?

    Any input on this matter is appreciated. Thank you!

    PS: If there is a better place on the forum to move this question to - feel free to do so. Since it touches multiple subjects, I thought General Questions would be the best place.


  • Rebel Alliance

    Did you try a second Phase 2 tunnel for the 192.168.10.0 net?



  • I have not until you mentioned it. Another Phase2 tunnel worked out very well and OpenVPN and LAN2 can talk to each other now.

    Thank you!  ;)
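    Added example (not from the thread or from pfSense itself): a small check of the IPsec Phase 2 selectors from this thread. It models each firewall's Phase 2 entries as (local subnet, remote subnet) pairs and tests whether the OpenVPN-to-LAN2 flow has a matching selector on pfSense1 going out and on pfSense2 coming back, first with only the original LAN1<->LAN2 Phase 2 and then with the mirrored second Phase 2 for 192.168.10.0/24. The host addresses used are constructed samples.

```python
from ipaddress import ip_network, ip_address

# Constructed topology from the thread: the three networks involved.
LAN1 = ip_network("192.168.1.0/24")
LAN2 = ip_network("192.168.2.0/24")
OVPN = ip_network("192.168.10.0/24")

# Original setup: one Phase 2 per side, LAN1 <-> LAN2 only.
# Each Phase 2 is (local_subnet, remote_subnet) as seen from that firewall;
# pfSense2's entry is the mirror image of pfSense1's.
P2_BEFORE = {
    "pfSense1": [(LAN1, LAN2)],
    "pfSense2": [(LAN2, LAN1)],
}

# Fix from the thread: a second Phase 2 for the OpenVPN network,
# added on BOTH firewalls with local/remote swapped.
P2_AFTER = {
    "pfSense1": [(LAN1, LAN2), (OVPN, LAN2)],
    "pfSense2": [(LAN2, LAN1), (LAN2, OVPN)],
}


def matches_tunnel(phase2s, src, dst):
    """True if some Phase 2 selector on this firewall covers src -> dst outbound."""
    src, dst = ip_address(src), ip_address(dst)
    return any(src in local and dst in remote for local, remote in phase2s)


def round_trip(config, src, dst):
    """Check both legs of a flow: src -> dst must match a selector on pfSense1,
    and the reply dst -> src must match a selector on pfSense2. If the reply
    has no selector, pfSense2 sends it to its default gateway instead."""
    out_ok = matches_tunnel(config["pfSense1"], src, dst)
    back_ok = matches_tunnel(config["pfSense2"], dst, src)
    return {"outbound": out_ok, "return": back_ok, "works": out_ok and back_ok}


if __name__ == "__main__":
    client, server = "192.168.10.6", "192.168.2.20"  # constructed sample hosts
    for name, cfg in (("before", P2_BEFORE), ("after", P2_AFTER)):
        print(name, round_trip(cfg, client, server))
```

    The same mirroring applies on the real firewalls: the extra Phase 2 must exist on pfSense2 with 192.168.10.0/24 as the remote subnet, and traffic arriving over the tunnel still has to be allowed by the firewall rules on each side's IPsec tab.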

