Routing Problem OpenVPN Roadwarrior to other side of Site2Site Network

[verdi]

Hi,
i have an OPNSense Installation with IP Net 192.168.23.0/24 with a Site2Site IPSec VPN to a Fritzbox with IP Net 192.168.24.0/24
I can reach all 192.168.24.0/24 clients from my 192.168.23.0/24 clients
Works fine!
I also have a OpenVPN Server for mobile devices which get 192.168.25.0/24 IP addresses.
Works fine!
I can reach all 192.168.23.0/24 addresses from the Road Warrior client.
But i can't reach any of the 192.168.24.0/24 clients from any of the 192.168.25.0/24 Road Warrior clients.

Traceroutes from the 192.168.25.0/24 clients show that the request to 192.168.24.0/24 get routed to WAN on the OPNsense box.

Rules for OpenVPN are: source 192.168.25.0/24 -> * -> GW default ( i can't set IPSec connection here )

How can i fix it?

greets

Marcel

[bartjsmit]

Add a static route on the Fritzbox for 192.168.25.0/24 via OPNsense

Bart...

[verdi]

hi
i can already see on the openvpn client that the opnsense routes it wrin. see attachment

greets

Marcel

[verdi]

i found a route under system->routes->status

destination 192.168.24.0/24
gateway 84.x.x.x. ( my WAN IP )

but how can i find out who set this route? because that's obviously cuasing the problem ... it comes from 192.168.25.x ( openvpn client ) and then firewall looks at route an sends it through wan. exactly what i am seeing on my client


edit: route was set by phase 2 of the ipvsec site2site connection. Under advanced config you can set "don't add routes' then it disappears in the routing table but i can't add a proper static route then because i can't choose ipsec as gateway

[Suhel]

Hello Marcel,

have you found a solution for your problem? I think I am struggling with the same problem. Would be nice to hear from you.

Greeting
Suhel