OPNsense Forum » English Forums » General Discussion » Routing IPsec to OpenVPN site to site {hybrid}
Topic: Routing IPsec to OpenVPN site to site {hybrid} (Read 4266 times)
ndan
Routing IPsec to OpenVPN site to site {hybrid}
« on: June 01, 2015, 03:13:27 pm »
Hi forum & opnsense team,
I'm trying to build a hybrid VPN connection for my needs.
I have a question about the feasibility of this topology:
subnetA------SiteA----(ipsec)---SiteB-----(openvpn)---SiteC--subnetC
All VPNs are in site-to-site mode. OpenVPN on PKI/SSL.
Site B is configured with an OpenVPN server, Site C as an OpenVPN client, which is overridden with CN certificate + iroute.
A>B is working, B>C is working.
The goal is to reach A > C, C < A.
I know full OpenVPN and full IPsec work perfectly, also IPsec + rw OpenVPN with more phase and push route too, but I can't validate this one.
Thanks,
Have a good day.
chol
Re: Routing IPsec to OpenVPN site to site {hybrid}
« Reply #1 on: June 07, 2015, 03:24:48 pm »
This is theoretical and therefore can be answered in short: yes, it should be working, I would say; a bridge comes to mind (?), but...
your description/model needs more descriptive input, e.g. do you speak of a router/firewall in between two boxes, one with OpenVPN and one with IPsec, or are you speaking about two NICs in one box at site B routing between the OpenVPN and IPsec connected sites? Which OS, which routers (Cisco involved)? Do you mean an OPNsense appliance is involved (already, planned?)
Would you mind giving us more information about your problem, please? The more & precise the better!
reep
Re: Routing IPsec to OpenVPN site to site {hybrid}
« Reply #2 on: June 07, 2015, 10:21:27 pm »
I believe there is no reason site A couldn't theoretically support both IPsec and OpenVPN the same as site B does. Not sure what software you are running on A & B.
However, for simplicity you are probably better off sticking with one type of encryption. Site A should be able to run OpenVPN as client and server, but as Chol suggested, you need to provide more info.
So A to B is OpenVPN. C is an OpenVPN client to A and B.
Some googling on "openvpn server and client on same box" may help. AFAIAA an OpenVPN server can have multiple connections, but each is a server instance on its own port.
Personally I use IPsec on 'triangular' sites as it is a bit easier using just PSK.
B. Rgds
John