access toremote n2n ipsec over openvpn client

Hello IPFire Forum!

I am very new here in the forum and hoofe that topic does not exist yet.
If I should be too stupid to find it please help me - Thanks :slight_smile:

I have the following problem:

I have 2 sites which are connected via IPSEC N2N.

At location 1 an OPENVPN server is running.
If I am connected to the OPENVPN at location 1, I have no access to the network of location 2.

I have set everything in the firewall rules so that it should fit - but it does not work.

Where do I have a thinking error?

Or do I have to set the rules manually in the IPtables?
If so, what has to be done there?

Do you need more information?

Thanks a lot for your help :slight_smile:

Translated with www.DeepL.com/Translator (free version)

Hi Hugo,

what’s ‘toremote’ or ‘hoofe’?

In my opinion you haven’t really given much information at all. So you (your client) are at location 2 and whenever you connect to location 1 you can’t connect to any network members at location 2 anymore? If that’s the case your catchword is default route. You have set a default route to location 1 so all traffic goes there.

Where can we see that?

Cheers Terry

Hi Terry,
Sorry for my Answer.

“hoofe” - I mean “hope”

I think - sry, I know, the routes are set.
In the roadwarrior (OPENVPN)

and here the routes in the OPENVPN-Client:

“TGLtoACB” route in the advanced options

Maybe the IPtables are not set?
Is there an option to set it?

PS:
I used the deepl because my English isn’t good :wink:

And Thanks for your help!

Is this a user defined or automatically created network group? There is a bug with firewall groups -> setting up user defined network groups and iptables you can see at every bootup with a connected display so you can watch the progress.

Hello Terry,
and sorry for the late reply.

I’ve used the firewall rules in the IPFire.
I’ve set the rule from OPENvpn to IPsec “accept all”.
But it did not work.

Is this what you mean?

Or I’ve to create a group?

I don’t know if this can work?
To clarify.
Your computer “A” is connecting to Site “B” with OPENvpn.
Site “B” is connected to Site “C” with IPSEC n2n.
You want to communicate with Site “C” through both tunnels.

Hello,
I have the following scenario:
I have two ipfires connected over IPsec.
I am a roadwarrior (connected to site A) and want to access the network from Ipfire site B. The two IPfire are connected via IPsec. OPENvpn is for clients only.
I hope I explained it well?
Friendly greetings