Hi forum & opnsense team,
I'm trying to build a hybrid VPN connection for my needs.
I have a question about the feasibility of this topology:
subnetA------SiteA----(ipsec)---SiteB-----(openvpn)---SiteC--subnetC
All VPNs are in site-to-site mode. OpenVPN on PKI/SSL.
Site B is configured with an OpenVPN server, Site C as an OpenVPN client, which is overridden with CN certificate + iroute.
A>B working, B>C working.
The goal is to reach A > C, C < A.
I know full OpenVPN and full IPsec work perfectly, also IPsec + RW OpenVPN with more phases and push route too, but I can't validate this one.
Thanks,
Have a good day.
This is theoretical and therefore can be answered in short: yes, it should be working, I would say; a bridge comes to mind (?), but...
The description/model of yours needs more descriptive input, e.g. do you speak of a router/firewall in between two boxes, one with OpenVPN, one with IPsec, or are you speaking about two NICs in one box at site B routing between the OpenVPN- and IPsec-connected sites? Which OS, which routers (Cisco involved)? Do you mean an OPNsense appliance is involved (already, planned)?
Would you mind giving us more information involved in your problem, please? The more & precise the better!
I believe there is no reason site A couldn't theoretically support both IPsec and OpenVPN the same as site B does. Not sure what software you are running on A & B.
However, for simplicity you are probably better off sticking with one type of encryption. Site A should be able to run OpenVPN as client and server, but as Chol suggested, you need to provide more info.
So A to B is OpenVPN. C is an OpenVPN client to A and B.
Some googling on "openvpn server and client on same box" may help. AFAIAA an OpenVPN server can have multiple connections, but each is a server instance on its own port.
Personally I use IPsec on 'triangular' sites as it is a bit easier using just PSK.
B. Rgds
John