I am having a hard time figuring out how OpenVPN clients (client to site) can access a remote network over an IPsec tunnel.
I have two sites, each site with an IPFire instance. They are connected by IPsec (192.168.1.0/24 and 192.168.10.0/24).
Traffic from green to green between those sites works great.
But when I connect to one of the IPFires with an OpenVPN client, I can only reach green on that IPFire. I want to reach both.
I have successfully pushed routes to both green networks to the OpenVPN client. I cannot see any drops in the firewall logs. I have also experimented with some firewall rules to make sure the OpenVPN client subnet is allowed on the "remote IPsec green subnet", but with no luck.
The IPsec connection should be transparent and allowed once connected to the first LAN segment by OpenVPN. There have been a few instances of proper rules not working when crossing subnets, especially interested.