Netgate Discussion Forum
    Reach LAN behind OpenVPN and IPSec

    Category: General pfSense Questions
    3 Posts, 2 Posters, 764 Views
    • Arci

      Hello Community,

      pfSense1 (2.2.5-RELEASE)   <== IPSEC Site-to-Site ==>   pfSense2 (2.2-RELEASE)
      LAN1: 192.168.1.0/24                                    LAN2: 192.168.2.0/24
      OpenVPN Network: 192.168.10.0/24

      Description:
      I have two locations with pfSense firewalls in place, connected together with an IPSec tunnel. pfSense1 has an OpenVPN server to allow mobile users to connect to local resources.

      Goal:
      Allow OpenVPN Network to be able to communicate with LAN2 network.

      Issue:
      I am having difficulties in allowing the OpenVPN network to talk to the LAN2 network - the traffic doesn't come back, since pfSense2 doesn't know where the OpenVPN network is (it doesn't have a route for it).
      Since an IPSec tunnel cannot be referenced as a gateway, I'm unable to add a manual route on pfSense2 to the OpenVPN network (so it knows where that network is).
      I was trying to figure out a NAT rule(s) to NAT the traffic through the tunnel in some way but I failed.

      What is the best way to achieve the goal and allow the two networks to talk to each other?
      If NAT is the way to go, could you kindly give an example of a NAT rule based on the example network information from above?

      Any input on this matter is appreciated. Thank you!

      PS: If there is a better place on the forum to move this question to - feel free to do so. Since it touches multiple subjects, I thought General Questions would be the best place.

      • Perforado (Rebel Alliance)

        Did you try a second Phase 2 tunnel for the 192.168.10.0 net?

        • Arci

          I have not until you mentioned it. Another Phase2 tunnel worked out very well and OpenVPN and LAN2 can talk to each other now.

          Thank you!  ;)

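To show why the second Phase 2 fixes this, here is an added Python check (not from the thread and not pfSense code) that models each side's Phase 2 traffic selectors as (local, remote) pairs using the post's example networks, and tests whether a flow has a matching selector on the sending side and the mirrored selector on the returning side; the hosts 192.168.10.5 and 192.168.2.20 are constructed sample addresses.

```python
import ipaddress

# Constructed sample: the single Phase 2 the post starts with, written as
# (local, remote) from each firewall's point of view.
PFSENSE1_P2 = [("192.168.1.0/24", "192.168.2.0/24")]
PFSENSE2_P2 = [("192.168.2.0/24", "192.168.1.0/24")]


def selector_matches(p2_list, src, dst):
    """True if some Phase 2 entry (local, remote) covers the flow src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
        for local, remote in p2_list
    )


def tunnel_path_ok(p2_a, p2_b, src, dst):
    """A flow from side A to side B works only if A has a selector for
    src -> dst (outbound) and B has the mirrored selector for dst -> src
    (the return path the post describes as missing on pfSense2)."""
    return {
        "forward_on_a": selector_matches(p2_a, src, dst),
        "return_on_b": selector_matches(p2_b, dst, src),
    }


def mirrored(p2_a, p2_b):
    """Every (local, remote) on A must appear as (remote, local) on B and vice versa,
    otherwise one direction of the tunnel has no matching Phase 2."""
    a = {(ipaddress.ip_network(l), ipaddress.ip_network(r)) for l, r in p2_a}
    b = {(ipaddress.ip_network(r), ipaddress.ip_network(l)) for l, r in p2_b}
    return a == b


def with_openvpn_p2(p2_a, p2_b, ovpn="192.168.10.0/24", lan2="192.168.2.0/24"):
    """The fix from the thread: add a second Phase 2 for the OpenVPN network on
    pfSense1 (local=OpenVPN, remote=LAN2) and its mirror on pfSense2."""
    return p2_a + [(ovpn, lan2)], p2_b + [(lan2, ovpn)]


if __name__ == "__main__":
    flow = ("192.168.10.5", "192.168.2.20")  # OpenVPN client -> LAN2 host
    print("before:", tunnel_path_ok(PFSENSE1_P2, PFSENSE2_P2, *flow))
    fixed1, fixed2 = with_openvpn_p2(PFSENSE1_P2, PFSENSE2_P2)
    print("after: ", tunnel_path_ok(fixed1, fixed2, *flow), "mirrored:", mirrored(fixed1, fixed2))
```

Running it prints the OpenVPN-to-LAN2 flow as unmatched in both directions with the original single Phase 2, and matched in both once the mirrored second Phase 2 is present on each firewall.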
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.