I don't know if it's possible. It's certainly not the right way to do it, IMHO. The other side's administrator really just needs to create a static route or accept RIP/BGP/whatever packets from you, so that his router knows how to get to your OpenVPN network. It might not be under your authority, but you at least have enough of a relationship to have an IPSec tunnel, which means that something standard like adding a route isn't really out of the question.

It's a simple route problem - don't make it complicated by adding NAT. If you're set on it, or if the other administrator won't work with you, add a NAT rule to make traffic originating from your OpenVPN network appear to come from the router's IPSEC address.

Best Regards,
Nathan Eisenberg

From: Chris Roubekas [mailto:[email protected]]
Sent: Thursday, January 28, 2010 12:20 PM
To: [email protected]
Subject: RE: [pfSense Support] Route OpenVPN client requests through IPSec tunnel

I was told that NATing my OpenVPN clients to local LAN IP would do the trick of avoiding the routing from the far side (as far side is not under my authority).

Can anyone tell me how to do this in pfSense??

C.

________________________________

From: Nathan Eisenberg [mailto:[email protected]]
Sent: Thursday, January 28, 2010 12:32 PM
To: [email protected]
Subject: RE: [pfSense Support] Route OpenVPN client requests through IPSec tunnel

I'm betting that the machines in the other office do not have a route to get to 10.99.99.0. Add a static route to the remote office gateway/IPSec router, sending traffic bound for 10.99.99.0/x to your OpenVPN server. The OpenVPN server will know where to send the traffic from there.

Best Regards,
Nathan Eisenberg
Sr. Systems Administrator - Atlas Networks, LLC
office: 206.577.3078 | suncadia: 206.210.5450
www.atlasnetworks.us | www.suncadianet.com

From: Chris Roubekas [mailto:[email protected]]
Sent: Thursday, January 28, 2010 1:00 AM
To: [email protected]
Subject: [pfSense Support] Route OpenVPN client requests through IPSec tunnel

Dear all,

I have recently managed to create an IPSec tunnel between my office and another one of the same company. The network topology is as follows:

MyOffice:
pfSense: LAN 10.100.100.0/255.255.255.0
WAN: 10.100.99.0/255.255.255.0 (connects to router for internet)
IPSec tunnel: 192.168.20.0/255.255.255.0 (this is the lan of the other office. I can ping these machines from my local LAN).
RoadWarrior OpenVPN (administered by pfSense). IP Range: 10.99.99.0

So far RoadWarrior clients can connect to the VPN and use all services on my local LAN. The problem is I need the road warrior clients to be able to use the machine of the IPSec Tunnel (192.168.20.0) as well.

Any good ideas??

C.
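
The return-path problem discussed in this thread, as an added example that is not part of the original messages: a small Python model of the far-side router's route lookup, showing where replies to a road-warrior client go with no change, with the suggested static route, and with source NAT. The routing table, the /24 mask on 10.99.99.0, the next-hop labels and the NAT address 10.100.100.1 are assumptions made for the example.

```python
import ipaddress

# Constructed model of the far-side router's routing table. The prefixes
# come from the thread; the /24 on 10.99.99.0 and the next-hop labels are
# assumptions made for this example.
REMOTE_ROUTES = [
    ("0.0.0.0/0", "internet-gateway"),
    ("192.168.20.0/24", "local-lan"),
    ("10.100.100.0/24", "ipsec-tunnel"),
]
OPENVPN_NET = ipaddress.ip_network("10.99.99.0/24")   # assumed /24
NAT_ADDRESS = ipaddress.ip_address("10.100.100.1")    # hypothetical pfSense LAN IP


def next_hop(routes, destination):
    """Longest-prefix match: the most specific matching route wins."""
    dest = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if dest in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(routes, client_ip, source_nat=False):
    """Where the far-side router sends the reply to a road-warrior packet.

    With source NAT, the far side only ever sees NAT_ADDRESS as the sender,
    so the reply is addressed to it instead of the client.
    """
    seen_source = ipaddress.ip_address(client_ip)
    if source_nat and seen_source in OPENVPN_NET:
        seen_source = NAT_ADDRESS
    return next_hop(routes, str(seen_source))


def with_static_route(routes):
    """The fix suggested in the thread: route the OpenVPN range into the tunnel."""
    return routes + [(str(OPENVPN_NET), "ipsec-tunnel")]


if __name__ == "__main__":
    client = "10.99.99.6"  # constructed road-warrior address
    print("no route, no NAT :", reply_path(REMOTE_ROUTES, client))
    print("static route     :", reply_path(with_static_route(REMOTE_ROUTES), client))
    print("source NAT       :", reply_path(REMOTE_ROUTES, client, source_nat=True))
```

Without either change the model sends the reply to the default gateway instead of the tunnel, which matches the symptom described in the thread.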
