Home / server / Questions / 991919
In Process
Frankie
Asked: 2019-11-15 16:01:55 +0800 CST

pfsense - route OpenVPN roadwarrior over IPSec to secondary office

  • 772

Having some trouble connecting clients from one office to the other.

  (10.1.1.0/24)             (192.168.5.0/24)
   Office ONE  <--- IPSec ---> Office TWO
        ^
        |
        v
  Road Warrior 1 (OpenVPN client)
    (10.1.2.2)

I've added an extra P2:
VPN / IPsec / Tunnels / Edit Phase 2
tunnel 10.1.2.0/24 192.168.5.0/24 ESP

And I've also added to OpenVPN custom Options:
VPN / OpenVPN / Servers / Edit
push "route 192.168.5.0 255.255.255.0";

But still Road Warrior 1 can only ping servers in the 10.1.1.0/24 subnet.

Any idea what I'm missing or what I've done wrong? Both pfsense boxes.

openvpn

1 Answers

  1. For anyone Googling here with the same issue.

    1) You must configure IPSec P2 with the following (reverse for Office B)

    Mode    Local Subnet   Remote Subnet
tunnel  10.1.1.0/24    192.168.5.0/24  (to connect office A to office B)
tunnel  10.1.2.0/24    192.168.5.0/24  (to connect OpenVPN from A to office B)
tunnel  10.1.1.0/24    192.168.2.0/24  (to connect OpenVPN from B to office A)

    2) You must open firewall (Firewall -> IPSec -> Rules)

    Protocol    Source          Port    Destination Port    Gateway
IPv4 *      192.168.5.0/24  *       *           *       *
IPv4 *      192.168.2.0/24  *       *           *       *

    3) Restart the IPSec service!

    I failed to do this and it cost me 1h trying to dig what was wrong.

    • 0