Results 1 to 9 of 9
  1. #1
    Newbie
    Join Date
    Jan 2022
    Posts
    3

    Default OpenVPN access IPSEC resources

    Hi,

    We have an IPSEC tunnel between two sites and it's working fine. Sites are setup as follows:
    Site 1: Untangle 16.5.1 | Site 2: Pfsense Cloudwall

    Site 1 LAN: 192.168.120.0/24 | Site 2 LAN: 172.16.15.0/24

    Site 1 OpenVPN LAN: 172.29.225.0/23

    We want OpenVPN clients connecting to Site 1 to be able to reach network resources on Site 2.
    We've added the Openvpn Lan to the Local Network on the untangle IPSEC config and added a phase 2 on the pfsense with the same settings for the openvpn lan.

    We cant however reach Site 2 over the OpenVPN. The new Phase 2 is not starting.

    Any ideas?

    Thank you.
    Attached Images Attached Images

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,700

    Default

    There are several parts to getting routing of OpenVPN over IPsec tunnel. When posting screen capture post the entire page since a smao; portion gives us no content.

    - The remote IPsec network address space must be in the OpenVPN Exported Networks.
    - IPsec on local must have the OpenVPN address space in the local network part of the config.
    - IPsec on the remote side must have the OpenVPN address space in the remote network part of the config.
    dashpuppy likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    866

    Default

    Quote Originally Posted by jcoffin View Post
    There are several parts to getting routing of OpenVPN over IPsec tunnel. When posting screen capture post the entire page since a smao; portion gives us no content.

    - The remote IPsec network address space must be in the OpenVPN Exported Networks.
    - IPsec on local must have the OpenVPN address space in the local network part of the config.
    - IPsec on the remote side must have the OpenVPN address space in the remote network part of the config.
    I believe this goes for Ipsec tunnels too, if you have a tunnel between 2 sites and different vlan's & subnets you want to access from one..
    jcoffin likes this.
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  4. #4
    Untangler sheck's Avatar
    Join Date
    May 2020
    Posts
    63

    Default

    We've got a guide for that scenario specifically https://support.untangle.com/hc/en-u...VPN-Over-IPsec
    jcoffin and dashpuppy like this.

  5. #5
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    866

    Default

    Quote Originally Posted by sheck View Post
    We've got a guide for that scenario specifically https://support.untangle.com/hc/en-u...VPN-Over-IPsec
    You're screen shots REALLY REALLY need to be improved, that or you guys need to make it so people can click on them and see the information !
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  6. #6
    That Which Lurks Below
    Join Date
    Jul 2018
    Posts
    66

    Default

    Quote Originally Posted by dashpuppy View Post
    Your screen shots REALLY REALLY need to be improved, that or you guys need to make it so people can click on them and see the information !
    You're not wrong that they're difficult to read. Thanks for bringing that to our attention.
    dashpuppy likes this.
    Græme Ravenscroft • Technical Marketing Engineer
    ('gram', like the unit of measurement)
    he/him
    Please don't reboot your NGFW.
    How can we make Arista ETM products better?

  7. #7
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    866

    Default

    Quote Originally Posted by gravenscroft View Post
    You're not wrong that they're difficult to read. Thanks for bringing that to our attention.
    No Problem, The main reason why i started making Untangle videos is because sometimes people can't follow instructions that are typed out, but they can follow a picture diagram. Pictures to some are better, some can read and understand

    Probably why i'm thanked for every Untangle video i do
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  8. #8
    Newbie
    Join Date
    Jan 2022
    Posts
    3

    Default

    I did follow that guide but no luck.

    I''ve uploaded more complete screenshots.

    Thanks.
    Attached Images Attached Images

  9. #9
    Newbie
    Join Date
    Jan 2022
    Posts
    3

    Default

    Issue solved. I went over every setting and I was missing the allow rule for this network's traffic on the PFsense side.

    Thank you all.
    sheck and dashpuppy like this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2