[pfSense] Route OpenVPN traffic to the available IPSec tunnels

Discussion:

Lorenzo Milesi

2014-12-24 11:15:54 UTC

Hi. Is it possible to route OpenVPN clients to the available IPSec routes?

I currently have 3 IPSec tunnels on my pfSense, and seldomly I need to access those routes outiside my office. Is it possible to do so?
In my firewall rules I have no restrictions, all traffic is allowed. I tried adding the route manually but apparently this is not enough because pfSense won't route my packets to the tunnel. Has this something to do with IPSec's phase2 entry?

thanks

--
Lorenzo Milesi - ***@yetopen.it

YetOpen S.r.l. - http://www.yetopen.it/

Chris Buechler

2014-12-26 21:59:08 UTC

Permalink

Post by Lorenzo Milesi
Hi. Is it possible to route OpenVPN clients to the available IPSec routes?
I currently have 3 IPSec tunnels on my pfSense, and seldomly I need to access those routes outiside my office. Is it possible to do so?
In my firewall rules I have no restrictions, all traffic is allowed. I tried adding the route manually but apparently this is not enough because pfSense won't route my packets to the tunnel. Has this something to do with IPSec's phase2 entry?

Yes, the P2 must match local+remote on both ends for the OpenVPN
tunnel network in order for the traffic to go across.

Bryan D.

2014-12-26 23:43:32 UTC

Permalink

See "5. Routing OpenVPN through IPSec VPN on pfSense" at
http://www.derman.com/blogs/IPSec-VPN-Firewall-Setup#RouteOpenVPNthruIPsec

(same approach required if multiple LANs are involved and one or more systems/subnets require access to multiple remotely located LANs)