OpenVPN access IP over IPSec

macTim · April 15, 2023, 2:42pm

I have an LDAP used for authentication setup at Site A. This LDAP server is also the DNS server for all sites. All data is replicated to Site B via an IPSec tunnel. I have OpenVPN clients that connect to Site B so they can access resources from there. They can also access the replicated LDAP data at Site B, but all modifications must be made at the Primary Node at Site A. Is there a way to tunnel access from the LDAP server at Site A to OpenVPN clients connected to Site B?

(All sites are pfSense)

xMAXIMUSx · April 15, 2023, 10:15pm

I’m pretty sure if you setup your OpenVPN server to have access to site B subnet it should route just fine.

macTim · April 16, 2023, 12:59am

If I simply add the remote subnet of Site A in Site B’s OpenVPN, I can’t ping any device from a client connected via OpenVPN

xMAXIMUSx · April 16, 2023, 2:23pm

Do you have your rules setup to allow ICMP traffic?

macTim · April 16, 2023, 2:38pm

Yes, but I also can’t access either the IP or the FQDN of the server in Site A (via any browser or files) from a client connected to Site B via OpenVPN.

SuperTypeGuy · April 16, 2023, 4:30pm

At site A, do you have an IPSEC P2 entry for the OpenVPN subnet at site B?

macTim · April 16, 2023, 4:53pm

I do not. That makes a lot of sense. I will try that.

Edit: That was the solution. Thanks a bunch!