Access to remote ipsec site from OpenVPN client

Hi!

I am having a hard time figuring out how openvpn clients (client to site) can access an remote network over an ipsec tunnel.

I have two sites, each site with an ipfire instance. They are connected by ipsec (192.168.1.0/24 and 192.168.10.0/24).

Traffic from green to green between those sites, works great.

But when i connect to one of the ipfires with an openvpn client, i can only reach green on that ipfire. I want to reach both.

I have successfully pushed routes to both green networks to the openvpn client. I can not see any drops in the firewall logs. I have also experimentet with some firewall rules to make sure the openvpn client subnet is allowed on the «remote ipsec green subnet», but with no luck.

Is it possible to do somehow?

The IPSEC connection should be transparent and allowed once connected to the first LAN segment by openvpn. There have been a few instances of proper rules not working when crossing subnets, especially interested.

I would file a bug report.

hi,

do you try to push a route to our ipsec network in the section " Advanced server options"?
no sure it is the good way to do it but …

This should definitely work, but I tried this on my IPFIRE machine. Made it so openvpn access is allowed to local green subnet and remote IPSEC subnet but connections still fail to remote subnet.

Update - Tried making firewall rules pushing OVPN to IPSEC and vice versa using NAT forcing all to Green and not using NAT. None of the rules will work to access the remote subnet.


Fails.

Fails.