I have an IPsec VPN set up between Site A (192.168.168.0/24) and Site B (10.0.0.0/24).
Site A is behind a SonicWall; Site B is behind OPNsense. They can ping, file share, RDP, etc. correctly.
I've configured OpenVPN on the OPNsense box (assigning users an IP in the range 10.10.10.0/24 upon successful connection). OpenVPN users can successfully reach the Site B LAN network (10.0.0.0/24) no problem.
What I want is for them to also be able to reach the Site A network: to ping or RDP to 192.168.168.x and for that to successfully go through OpenVPN, through the IPsec tunnel, and respond back.
However, a traceroute OpenVPN -> Site A won't even go through the OpenVPN tunnel unless 192.168.168.0/24 is a local route on the OpenVPN instance.
My current IPsec config has two children:

Local          Remote
10.0.0.0/24    192.168.168.0/24
10.10.10.0/24  192.168.168.0/24
My OpenVPN instance has 10.0.0.0 and 192.168.168.0 as local networks for routing.
What am I missing? Any help would be appreciated.
Does the IPsec tunnel have an SA open that allows the OpenVPN source network through, and the other side of the IPsec tunnel to return packets to that source?
It did, but what it didn't have was an SPD for the second child. For whatever reason, OPNsense only generated a source/dest pair for the first child, so I had to manually add a new pair for the second child and then associate them together with a reqid. It's functioning now.
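As an added illustration (not the poster's configuration, and not a parser for any OPNsense or strongSwan output), here is a small check that compares the IPsec children you expect with the SPD entries actually installed, flagging a child that has no policy in one or both directions, which is the failure the thread ends on. The children and SPD entries below are constructed to mirror the thread; on a real box you would fill them from the firewall's policy listing.

```python
import ipaddress

# Constructed to mirror the thread: the two configured children (local, remote)
# and the SPD entries the kernel actually received (only the first child's pair).
CHILDREN = [
    ("10.0.0.0/24", "192.168.168.0/24"),
    ("10.10.10.0/24", "192.168.168.0/24"),
]
INSTALLED_SPD = [
    ("10.0.0.0/24", "192.168.168.0/24", "out"),
    ("192.168.168.0/24", "10.0.0.0/24", "in"),
]

def _net(s):
    return ipaddress.ip_network(s, strict=False)

def required_policies(children):
    """Each child needs an outbound policy (local->remote) and an inbound one (remote->local)."""
    required = []
    for local, remote in children:
        required.append((local, remote, "out"))
        required.append((remote, local, "in"))
    return required

def missing_policies(children, spd):
    """Return the required (src, dst, direction) entries with no equal-or-wider SPD entry."""
    def covered(src, dst, direction):
        return any(
            d == direction and _net(src).subnet_of(_net(s)) and _net(dst).subnet_of(_net(t))
            for s, t, d in spd
        )
    return [p for p in required_policies(children) if not covered(*p)]

def flow_protected(spd, src_ip, dst_ip):
    """True only if the packet and its reply each match an SPD entry in the right direction."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    def matches(a, b, direction):
        return any(d == direction and a in _net(s) and b in _net(t) for s, t, d in spd)
    return matches(src, dst, "out") and matches(dst, src, "in")

if __name__ == "__main__":
    for src, dst, direction in missing_policies(CHILDREN, INSTALLED_SPD):
        print(f"missing SPD entry: {src} -> {dst} ({direction})")
    # An OpenVPN client (10.10.10.x) talking to Site A is unprotected until both are added.
    print("OpenVPN client to Site A protected:",
          flow_protected(INSTALLED_SPD, "10.10.10.5", "192.168.168.20"))
```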