OpenVPN access IP over IPSec

I have an LDAP server used for authentication set up at Site A. This LDAP server is also the DNS server for all sites. All data is replicated to Site B via an IPsec tunnel. I have OpenVPN clients that connect to Site B so they can access resources from there. They can also access the replicated LDAP data at Site B, but all modifications must be made at the Primary Node at Site A. Is there a way to tunnel access from the LDAP server at Site A to OpenVPN clients connected to Site B?

(All sites are pfSense)

I’m pretty sure if you set up your OpenVPN server to have access to the Site B subnet it should route just fine.

If I simply add the remote subnet of Site A in Site B’s OpenVPN, I can’t ping any device from a client connected via OpenVPN.

Do you have your rules set up to allow ICMP traffic?

Yes, but I also can’t access either the IP or the FQDN of the server in Site A (via any browser or files) from a client connected to Site B via OpenVPN.

At Site A, do you have an IPsec P2 entry for the OpenVPN subnet at Site B?


I do not. That makes a lot of sense. I will try that.

Edit: That was the solution. Thanks a bunch!

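The fix in the thread works because policy-based IPsec only sends a packet into the tunnel when a Phase 2 selector pair matches it, and that has to hold separately for the outbound leg at Site B and the return leg at Site A. The check below is an added example, not from the thread or from pfSense: it models each P2 entry as a (local, remote) pair and reports which leg is missing. It assumes non-VTI (policy-based) Phase 2 entries on both firewalls, and all subnets and addresses are constructed sample values.

```python
# Added example (not from the thread): model pfSense IPsec Phase 2 entries
# as (local network, remote network) selector pairs and check whether a
# flow between an OpenVPN client at Site B and a host at Site A is covered
# in BOTH directions. All addresses below are constructed sample values.
from ipaddress import ip_address, ip_network


def p2_matches(p2_entries, src, dst):
    """True if some Phase 2 entry's local network contains src and its
    remote network contains dst, i.e. the packet is sent into the tunnel."""
    src, dst = ip_address(src), ip_address(dst)
    return any(src in ip_network(local) and dst in ip_network(remote)
               for local, remote in p2_entries)


def check_path(site_b_p2, site_a_p2, client_ip, server_ip):
    """Return the problems found for an OpenVPN client at Site B
    reaching a server at Site A (empty list means both legs are covered)."""
    problems = []
    # Outbound leg: Site B must select client -> server into the tunnel.
    if not p2_matches(site_b_p2, client_ip, server_ip):
        problems.append("Site B has no P2 covering OpenVPN client -> Site A")
    # Return leg: Site A must select server -> client into the tunnel;
    # without it, replies from Site A never enter the IPsec tunnel.
    if not p2_matches(site_a_p2, server_ip, client_ip):
        problems.append("Site A has no P2 covering Site A -> OpenVPN client")
    return problems


# Constructed sample topology (hypothetical values).
SITE_A_LAN, SITE_B_LAN, OPENVPN_NET = "10.1.0.0/24", "10.2.0.0/24", "10.8.0.0/24"
LDAP_SERVER, VPN_CLIENT = "10.1.0.10", "10.8.0.6"

# Starting state from the thread: only the two LAN subnets are in the tunnel.
before_site_b = [(SITE_B_LAN, SITE_A_LAN)]
before_site_a = [(SITE_A_LAN, SITE_B_LAN)]

# After the fix: a P2 entry for the OpenVPN subnet on each end.
after_site_b = before_site_b + [(OPENVPN_NET, SITE_A_LAN)]
after_site_a = before_site_a + [(SITE_A_LAN, OPENVPN_NET)]

if __name__ == "__main__":
    print(check_path(before_site_b, before_site_a, VPN_CLIENT, LDAP_SERVER))
    print(check_path(after_site_b, after_site_a, VPN_CLIENT, LDAP_SERVER))  # []
```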