OpenVPN <-> Wireguard

oleksii_pro · 12 January 2026 09:54

Hello. Please help a beginner, packets are not being transferred from OpenVPN to WireGuard.
I configured OpenVPN Roadwarrior and WireGuard Net-to-Net with a MikroTik router. OpenVPN clients cannot access the network via MikroTik LAN.
Configuring Firewall Rules between OpenVPN and WireGuard does not help.

pike_it · 12 January 2026 11:06

I’d look for the routing table, if the communication OpenVPN ↔ Wireguard has been configured.

oleksii_pro · 12 January 2026 12:02

10.1.17.0/24 dev wg5 scope link src 10.10.17.1
10.10.17.0/24 dev green0 proto kernel scope link src 10.10.17.1
10.11.17.0/24 dev tun0 proto kernel scope link src 10.11.17.1
10.13.17.0/24 dev wg0 scope link

10.1.17.0 LAN Mikrotik
10.10.17.0/24 LAN Ipfire
10.11.17.0/24 OpenVPN
10.13.17.0/24 wireguard Host-To-Net Client
wg5 Net-To-Net ipfire - mikrotik

bonnietwin · 12 January 2026 12:10

Have you had a look at the documentation on connecting an Openvpn Road Warrior connection through a Net to Net OpenVPN tunnel?
https://www.ipfire.org/docs/configuration/services/openvpn/config/traverse_net-to-net_vpn_from_road_warrior

Although the documentation is for an OpenVPN Net to Net tunnel, the principle should be the same for trying to connect through a WireGuard Net to Net tunnel.

I have not tried the connection described in the documentation myself but it certainly worked back in 2022 when the forum user created the documentation page.

oleksii_pro · 12 January 2026 13:16

I reviewed the documentation. Thank you. I followed the same procedure, but it is not working. You can access the local network on ipfire with both OpenVPN and WireGuard, but not between them.

tphz · 12 January 2026 17:05

I once created such a connection. It still works today.

bonnietwin · 12 January 2026 17:07

That’s great news. Hopefully you will be able to help @oleksii_pro resolve the issue.

tphz · 12 January 2026 19:51

edit

I made the connection described in the instructions.
OVPNClient--OVPNClient2Net--IPFireA--OVPNNet2Net--IPFireB--GreenNet

However, I will show an example of a configuration using Wireguard, which should allow the client to access the IPFire_B GREEN network via the Wireguard IPFire_A connection.

WireGuardClient--WireGuardHost2Net--IPFireA--WireguardNet2Net--IPFireB--GreenNet

Regards

PS.1
Please let me know if you spot any mistakes in the example – I will make corrections.

PS.2
Problems may also arise from insufficient Mikrotik configuration.
Mikrotik has a specific configuration method.

bonnietwin · 12 January 2026 21:25

I believe, based on my openvpn n2n tunnels I have made, that the remote subnet mentioned for IPFire_A should be 10.20.20.0/24 instead of 10.20.5.0/24 so that it matches the Local Subnet for IPFire_B

tphz · 13 January 2026 06:27

Thanks a lot!

I’ve made the corrections.

Regards.

tphz · 13 January 2026 08:57

Below is an example configuration that should enable an OpenVPN client to access the GREEN IPFire_B network via a Wireguard Net2Net connection.
OVPNClient--OVPNHost2Net--IPFireA--WireguardNet2Net--IPFireB--GreenNet

@bonnietwin
Please let me know if you spot any mistakes in the example – I will make corrections.

Regards

oleksii_pro · 13 January 2026 09:46

I used to have OpenVPNClient–IPFire–OpenVPN–Mikrotik, and everything worked fine.
WireguardClient–IFire-Wireguard N2N–Mikrotik is now working (according to the principle in your table).
OpenVPNClient–IFire-Wireguard N2N–Mikrotik is not working.

As far as I understand, everything is blocked in firewall WGBLOCK.