OpenVPN access IPSEC resources

This topic is closed.

  • OpenVPN access IPSEC resources

    Hi,

    We have an IPsec tunnel between two sites and it's working fine. Sites are set up as follows:
    Site 1: Untangle 16.5.1 | Site 2: Pfsense Cloudwall

    Site 1 LAN: 192.168.120.0/24 | Site 2 LAN: 172.16.15.0/24

    Site 1 OpenVPN LAN: 172.29.225.0/23

    We want OpenVPN clients connecting to Site 1 to be able to reach network resources on Site 2.
    We've added the OpenVPN LAN to the Local Network on the Untangle IPsec config and added a phase 2 on the pfSense with the same settings for the OpenVPN LAN.

    We can't, however, reach Site 2 over the OpenVPN. The new Phase 2 is not starting.

    Any ideas?

    Thank you.

  • #2
    There are several parts to getting routing of OpenVPN over an IPsec tunnel. When posting a screen capture, post the entire page, since a small portion gives us no content.

    - The remote IPsec network address space must be in the OpenVPN Exported Networks.
    - IPsec on local must have the OpenVPN address space in the local network part of the config.
    - IPsec on the remote side must have the OpenVPN address space in the remote network part of the config.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]



    • #3
      Originally posted by jcoffin View Post
      There are several parts to getting routing of OpenVPN over an IPsec tunnel. When posting a screen capture, post the entire page, since a small portion gives us no content.

      - The remote IPsec network address space must be in the OpenVPN Exported Networks.
      - IPsec on local must have the OpenVPN address space in the local network part of the config.
      - IPsec on the remote side must have the OpenVPN address space in the remote network part of the config.
      I believe this goes for IPsec tunnels too, if you have a tunnel between 2 sites and different VLANs & subnets you want to access from one.



      • #4
        We've got a guide for that scenario specifically https://support.untangle.com/hc/en-u...VPN-Over-IPsec



        • #5
          Originally posted by sheck View Post
          We've got a guide for that scenario specifically https://support.untangle.com/hc/en-u...VPN-Over-IPsec
          Your screen shots REALLY REALLY need to be improved, that or you guys need to make it so people can click on them and see the information!



          • #6
            Originally posted by dashpuppy View Post
            Your screen shots REALLY REALLY need to be improved, that or you guys need to make it so people can click on them and see the information!
            You're not wrong that they're difficult to read. Thanks for bringing that to our attention.
            Græme Ravenscroft • Technical Marketing Engineer
            ('gram', like the unit of measurement)
            he/him
            Please don't reboot your NGFW.
            How can we make Arista ETM products better?



            • #7
              Originally posted by gravenscroft View Post
              You're not wrong that they're difficult to read. Thanks for bringing that to our attention.
              No problem. The main reason why I started making Untangle videos is because sometimes people can't follow instructions that are typed out, but they can follow a picture diagram. Pictures to some are better, some can read and understand.

              Probably why I'm thanked for every Untangle video I do.



              • #8
                I did follow that guide but no luck.

                I've uploaded more complete screenshots.

                Thanks.



                • #9
                  Issue solved. I went over every setting and I was missing the allow rule for this network's traffic on the pfSense side.

                  Thank you all.
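
The three requirements listed in post #2 plus the firewall allow rule from post #9, written as a consistency check over both gateways. This is an added example, not part of the original thread and not Untangle or pfSense code; the `Site` model, its field names and the allow-rule lists are constructed assumptions, and only the subnets come from the first post.

```python
from dataclasses import dataclass, field, replace
from ipaddress import ip_network

def net(cidr):
    # strict=False because 172.29.225.0/23 as posted has a host bit set;
    # it normalizes to 172.29.224.0/23, which is what a gateway will match on.
    return ip_network(cidr, strict=False)

@dataclass
class Site:  # hypothetical model of one gateway's relevant settings
    lan: str
    ipsec_local: list    # local networks in this side's IPsec tunnel
    ipsec_remote: list   # remote networks in this side's IPsec tunnel
    allow_from: list = field(default_factory=list)     # sources allowed in from the tunnel
    ovpn_pool: str = None                               # OpenVPN client address space
    ovpn_exported: list = field(default_factory=list)  # networks pushed to OpenVPN clients

def covered(target, nets):
    t = net(target)
    return any(t.subnet_of(net(n)) for n in nets)

def check(local, remote):
    """List what is missing for OpenVPN clients at `local` to reach `remote`'s LAN."""
    pool, problems = local.ovpn_pool, []
    if not covered(remote.lan, local.ovpn_exported):
        problems.append("remote LAN not in OpenVPN exported networks")
    if not covered(pool, local.ipsec_local):
        problems.append("OpenVPN pool not in local side's IPsec local networks")
    if not covered(pool, remote.ipsec_remote):
        problems.append("OpenVPN pool not in remote side's IPsec remote networks")
    if not covered(pool, remote.allow_from):
        problems.append("no allow rule for OpenVPN pool on remote firewall")
    return problems

# Constructed settings: subnets from the first post, the rest assumed.
SITE1 = Site(lan="192.168.120.0/24",
             ipsec_local=["192.168.120.0/24", "172.29.225.0/23"],
             ipsec_remote=["172.16.15.0/24"],
             ovpn_pool="172.29.225.0/23",
             ovpn_exported=["192.168.120.0/24", "172.16.15.0/24"])
SITE2_BEFORE = Site(lan="172.16.15.0/24",
                    ipsec_local=["172.16.15.0/24"],
                    ipsec_remote=["192.168.120.0/24", "172.29.225.0/23"],
                    allow_from=["192.168.120.0/24"])  # pool missing, as in post #9
SITE2_FIXED = replace(SITE2_BEFORE, allow_from=["192.168.120.0/24", "172.29.225.0/23"])

if __name__ == "__main__":
    print(check(SITE1, SITE2_BEFORE))
    print(check(SITE1, SITE2_FIXED))
```

Keeping the remote allow rule scoped to the OpenVPN pool rather than a broader range limits what remote-access clients can reach across the tunnel.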
