Hello everybody,

I am facing a network setup problem which has been troubling me for at least 2 weeks.
The situation is as follows: the heart of our company network is a pfsense, on which several ipsec connections are managed. To make working from home possible, the idea is now to set up an openVPN server on the pfsense, too. This openVPN should be used from outside to connect to the company network. Remote clients should be able to use all local (company network) resources as well as remote (ipsec) resources. We have built a working openVPN server and clients are able to connect. The problem is that clients are not able to make use of the ipsec tunnels.

To sharpen the scenario, I list the concrete network setup:

- local (company) network: 192.168.44.0/24
- openVPN network: 10.254.254.0/24
- one ipsec network, where a return route to 10.254.254.0/24 was added: 192.168.20.0/24
- another ipsec network without the return route: 192.168.100.0/24

Additionally, we have opened the firewall for the standard openvpn port, which is used by our openVPN server, and in the local network every communication is allowed.

The following results can be achieved:

- Only push the local network to the openvpn client: the routing table on clients seems to be correct, but no ping of local or ipsec resources is possible.
- Push "redirect-gateway" - set default gateway in openvpn: the routing table gets messed up.
- Additional outbound NAT for WAN device and 10.254.254.0/24 makes local resources (e.g. 192.168.44.254 - our pfsense) available, but the ipsec resources are still unavailable. A traceroute shows that, with active NAT, the first hop is the pfsense itself and then the gateway of the ISP. But instead of the ISP gateway, the remote ipsec gateway of the corresponding ipsec tunnel should be used.

I have tried nearly every combination of openVPN options and NAT, but using both ipsec and local resources was never possible. What am I missing? Do I have to set up the opt1 device (=tun0) correctly? For openVPN we do not want to use bridging. We also make use of tun devices.
Accordingly, the established ipsec structure cannot be migrated to openvpn. Perhaps someone could point me to the missing piece in my setup.

With best regards
Alex

--
Alexander Queisser
Hörderstrasse 380 | 58454 Witten Stockum
Tel: +49 2302 98391080 | Fax: +49 2302 98391089
Mail: [email protected] | Netz: www.metasec.de
M E T A S E C - protect your data
