OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: jp on February 17, 2017, 05:54:11 am

Title: VPN -> VPN routing? IPSec <-> OpenVPN [solved]
Post by: jp on February 17, 2017, 05:54:11 am
running 17.1.1

I have:
LAN 192.168.5.0/24
Open VPN server 192.168.25.0/24 192.168.6.192/29 192.168.4.0/24
IPSec tunnel to 10.100.0.0/16

OpenVPN clients can see the LAN resources and route traffic out to the internet.
LAN clients can reach the IPSec net just fine.

I can't for the life of me figure out how to get packets from an OpenVPN client to route to/from the IPSec connection. Is this possible? If so, how?

Solved: I just figured it out. If I put the OpenVPN inside the LAN address space, e.g. 192.168.5.192/29, it works.

Solved 2: Better solution - and the fix that I should have found in the first place.  In the IPSec phase 2 setting I had Local Network set to LAN Subnet.  I needed to switch it to "Network" with a netmask that would encompass both my LAN and OpenVPN address spaces. In my case 192.146.4.0/23
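
The phase 2 fix described in the post above, worked through as an added example (not part of the original post and not OPNsense code): it computes the smallest single network that contains a set of subnets and reports what a given phase 2 local network covers, misses, and includes beyond the intended subnets. The subnets are the ones listed in the first post; the function names are hypothetical.

```python
import ipaddress

# Subnets taken from the first post in this thread.
LAN = "192.168.5.0/24"
OPENVPN = ["192.168.25.0/24", "192.168.6.192/29", "192.168.4.0/24"]


def covering_network(subnets):
    """Return the smallest single IPv4 CIDR block containing every subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()  # widen by one prefix bit
    return cover


def audit_selector(selector, wanted):
    """Compare a phase 2 local network against the subnets it should carry.

    Returns (covered, missed, extra): the wanted subnets inside the selector,
    those outside it, and the count of selector addresses in no wanted subnet.
    """
    sel = ipaddress.ip_network(selector)
    nets = [ipaddress.ip_network(w) for w in wanted]
    covered = [n for n in nets if n.subnet_of(sel)]
    missed = [n for n in nets if not n.subnet_of(sel)]
    used = sum(n.num_addresses for n in ipaddress.collapse_addresses(covered))
    return covered, missed, sel.num_addresses - used


if __name__ == "__main__":
    cases = (("LAN + 192.168.4.0/24", [LAN, OPENVPN[2]]),
             ("LAN + all OpenVPN nets", [LAN] + OPENVPN))
    for label, wanted in cases:
        cover = covering_network(wanted)
        _, _, extra = audit_selector(str(cover), wanted)
        print(f"{label}: {cover} ({extra} addresses outside the listed subnets)")
    narrow = covering_network([LAN, OPENVPN[2]])
    _, missed, _ = audit_selector(str(narrow), [LAN] + OPENVPN)
    print("not covered by", narrow, ":", ", ".join(map(str, missed)))
```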
Title: Re: VPN -> VPN routing? [solved]
Post by: djGrrr on February 17, 2017, 04:29:22 pm
This is definitely not the correct way to do this; this is a very bad hack at best.

I however do not know enough about IPsec config in OPNsense to tell you how to accomplish what you want. Someone else can probably tell you the correct way to do this.
Title: Re: VPN -> VPN routing? [solved]
Post by: jp on February 17, 2017, 05:47:25 pm
I totally get it's a hack.  I just can't see what magic incantation to route add would make it route traffic between OpenVPN and IPSec.