Hi Everyone
Users/Clients connected by OpenVPN to COS can't see networks connected by IPsec VPN in the same COS. What can I do so that they see each other?
I tried with:
- EXTRALANS - clearos/network.conf
- PUSH ROUTES - openvpn/clients.conf
- NAT ENABLED
I would appreciate your comments.
REGARDS
Responses (1)
Accepted Answer
The problem is really IPsec. You need EXTRALANS for OpenVPN to cover the IPsec subnet. This adds a route for OpenVPN to push traffic from the client to the remote IPsec subnet via the server. You also need an extra tunnel in IPsec for the OpenVPN subnet (10.8.0.0/24 by default) to the remote subnet.
There is a trick you can pull to just use a single IPsec tunnel. If you move the OpenVPN subnet to adjacent to your LAN, you can route the larger subnet in a single tunnel definition. As an example, my LAN Subnet is 172.17.2.0/24. I changed my OpenVPN subnet (in /etc/openvpn/clients.conf) to 172.17.3.0/24. Then, in IPsec, for my local subnet I used 172.17.2.0/23 which routed the LAN and OpenVPN through the tunnel. Be careful of your subnetting. Had I used 172.17.1.0/24 for OpenVPN, I would have had to route 172.17.0.0/22 through the IPsec tunnel.
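The subnet arithmetic from the answer above, as an added example that is not part of the original post: it computes the smallest single block that covers the LAN and OpenVPN subnets, and lists any ranges the block routes through the tunnel that belong to neither. The function names are hypothetical; the subnets are the ones quoted in the answer.

```python
import ipaddress


def covering_supernet(*cidrs):
    """Smallest single CIDR block that contains every given subnet."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    block = nets[0]
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()  # widen by one prefix bit
    return block


def unintended_ranges(block, *cidrs):
    """Ranges inside `block` that belong to none of the given subnets.

    These addresses would also match the IPsec tunnel definition, so they
    should be empty or at least known before the wider block is used.
    """
    remaining = [block]
    for net in (ipaddress.ip_network(c) for c in cidrs):
        kept = []
        for r in remaining:
            if net.subnet_of(r):
                kept.extend(r.address_exclude(net))  # carve net out of r
            elif not r.subnet_of(net):
                kept.append(r)  # disjoint from net, keep untouched
        remaining = kept
    return sorted(remaining)


if __name__ == "__main__":
    lan = "172.17.2.0/24"
    # OpenVPN subnet candidates: adjacent, badly aligned, and the default.
    for ovpn in ("172.17.3.0/24", "172.17.1.0/24", "10.8.0.0/24"):
        block = covering_supernet(lan, ovpn)
        extra = unintended_ranges(block, lan, ovpn)
        print(f"LAN {lan} + OpenVPN {ovpn} -> tunnel subnet {block}")
        print(f"  also routed: {[str(n) for n in extra] or 'nothing'}")
```

With the default 10.8.0.0/24 the only covering block is 0.0.0.0/0, which is why the default layout needs its own tunnel instead.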