  • The problem is really IPsec. You need EXTRALANS for OpenVPN to cover the IPsec subnet. This adds a route for OpenVPN to push traffic from the client to the remote IPsec subnet via the server. You also need an extra tunnel in IPsec for the OpenVPN subnet ( by default) to the remote subnet.

    There is a trick you can pull to just use a single IPsec tunnel. If you move the OpenVPN subnet to adjacent to your LAN, you can route the larger subnet in a single tunnel definition. As an example, my LAN Subnet is I changed my OpenVPN subnet (in /etc/openvpn/clients.conf) to Then, in IPsec, for my local subnet I used which routed the LAN and OpenVPN through the tunnel. Be careful of your subnetting. Had I used for OpenVPN, I would have had to route through the IPsec tunnel.
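
The subnetting caveat in the reply above can be checked before changing the IPsec local subnet. This is an added example, not part of the original post: the subnets are constructed values, and `covering_supernet` and `unintended_blocks` are hypothetical helper names. It reports the single network a lone tunnel would need and any address space that network would carry beyond the LAN and OpenVPN subnets.

```python
import ipaddress


def covering_supernet(a, b):
    """Smallest single network that contains both subnets a and b."""
    a, b = ipaddress.ip_network(a), ipaddress.ip_network(b)
    net = a
    while not b.subnet_of(net):
        net = net.supernet()  # widen by one prefix bit at a time
    return net


def unintended_blocks(a, b):
    """Blocks inside the covering supernet that are neither a nor b.

    Anything listed here would also match the tunnel's local subnet,
    so a non-empty result means the definition is broader than intended.
    """
    blocks = [covering_supernet(a, b)]
    for used in (ipaddress.ip_network(a), ipaddress.ip_network(b)):
        remaining = []
        for blk in blocks:
            if blk.subnet_of(used):
                continue  # fully consumed by a wanted subnet
            if used.subnet_of(blk):
                remaining.extend(blk.address_exclude(used))
            else:
                remaining.append(blk)
        blocks = remaining
    return sorted(blocks)


if __name__ == "__main__":
    # Constructed sample pairs: (LAN subnet, OpenVPN subnet)
    samples = [
        ("192.168.0.0/24", "192.168.1.0/24"),  # adjacent and aligned
        ("192.168.1.0/24", "192.168.2.0/24"),  # adjacent but not aligned
        ("192.168.1.0/24", "10.8.0.0/24"),     # not adjacent at all
    ]
    for lan, vpn in samples:
        sup = covering_supernet(lan, vpn)
        extra = [str(n) for n in unintended_blocks(lan, vpn)]
        print(f"{lan} + {vpn} -> {sup}; extra space: {extra[:4] or 'none'}")
```

Only the first pair fits a single tunnel definition with no extra address space; the second is adjacent but still needs a wider prefix that takes in two neighbouring /24s.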