> On 9/26/06, Jonathan Horne <[EMAIL PROTECTED]> wrote:
>> > On 9/26/06, Jonathan Horne <[EMAIL PROTECTED]> wrote:
>> >> > On 9/26/06, Rob Terhaar <[EMAIL PROTECTED]> wrote:
>> >> >> On 9/26/06, Jonathan Horne <[EMAIL PROTECTED]> wrote:
>> >> >> > i know there has been a million threads about openvpn lately, so it's
>> >> >> > time to throw mine into the mix too.
>> >> >> >
>> >> >> > i have 2 sites, with an ipsec tunnel between them. site 1 is
>> >> >> > 192.168.125.0/26 and site 2 is 192.168.125.64/26. both sites are just a
>> >> >> > simple single pfsense box (no carp or redundants or anything fancy). the
>> >> >> > ipsec vpn works great, and any host at any site can connect to any other
>> >> >> > host.
>> >> >> >
>> >> >> > site 2 has the openvpn on it, and i can connect in fine with windows xp
>> >> >> > from the internet. once connected, i can connect to any host at site2
>> >> >> > with no problems. my issue, is that i cannot traverse the ipsec vpn to
>> >> >> > hosts at site1.
>> >> >> >
>> >> >> > anyone have any ideas where i can begin to troubleshoot this issue?
>> >> >> >
>> >> >>
>> >> >> are you pushing the additional ipsec routes to your openvpn clients
>> >> >> via the pfsense custom options field? (see the note in the wiki docs
>> >> >> on how to do this)
>> >> >
>> >> > And is the OpenVPN range part of the IPSec tunnel?
>> >> >
>> >> > --Bill
>> >>
>> >> if i understand your question correctly, no sir, my openvpn range is
>> >> separate. 192.168.125.128/26.
>> >>
>> >> thank you,
>> >> jonathan
>> >
>> > Then the IPSec definition doesn't match and the traffic won't be
>> > forwarded over the tunnel.
>> >
>> > --Bill
>>
>>
>> ah, i can see how that would be a problem. where do i need to go in the
>> gui to fix this?
>
> We don't have an obvious way to add another network to a tunnel.
> However, you can create another tunnel with the same endpoints and the
> new network in it. It's a little duplication, but it does work.
>
> --Bill

thank you bill. rather than creating a new vpn tunnel, i just changed the vpn subnet to 192.168.125.112/28 (technically within the 192.168.125.64/26 footprint). this has caused vpn clients to be able to traverse to my 192.168.125.0/26 site1 now. my only inconvenience was that i had to move my site2 dhcp scope a bit, which really isn't a big deal at all.

cheers,
jonathan
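
The matching rule discussed in this thread, as an added example that is not part of the original messages or of pfSense: traffic is forwarded over the IPsec tunnel only when its source and destination networks fall inside a tunnel definition. The subnets are the ones quoted in the thread; the function names and the DHCP scope ranges are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Subnets quoted in the thread.
SITE1 = ip_network("192.168.125.0/26")
SITE2 = ip_network("192.168.125.64/26")
OLD_POOL = ip_network("192.168.125.128/26")  # original OpenVPN client range
NEW_POOL = ip_network("192.168.125.112/28")  # OpenVPN client range after the change


def tunnel_carries(tunnels, src_net, dst_net):
    """True if some (local, remote) tunnel definition covers the whole
    source network and the whole destination network."""
    return any(
        src_net.subnet_of(local) and dst_net.subnet_of(remote)
        for local, remote in tunnels
    )


def dhcp_overlap(pool, first, last):
    """Count the addresses of a DHCP scope first..last that sit inside pool.
    A non-zero result means the scope has to move before the pool is used."""
    lo = max(int(ip_address(first)), int(pool.network_address))
    hi = min(int(ip_address(last)), int(pool.broadcast_address))
    return max(0, hi - lo + 1)


if __name__ == "__main__":
    site2_tunnels = [(SITE2, SITE1)]  # the single existing site2 -> site1 tunnel

    # Original setup: the pool is outside site 2's /26, so nothing matches.
    print("old pool forwarded:", tunnel_carries(site2_tunnels, OLD_POOL, SITE1))

    # Option from the thread: a second tunnel, same endpoints, new network.
    extra = site2_tunnels + [(OLD_POOL, SITE1)]
    print("old pool + 2nd tunnel:", tunnel_carries(extra, OLD_POOL, SITE1))

    # Option actually taken: move the pool inside site 2's /26.
    print("new pool forwarded:", tunnel_carries(site2_tunnels, NEW_POOL, SITE1))

    # Constructed DHCP scopes: one that collides with the new pool, one moved clear.
    print("collisions before move:",
          dhcp_overlap(NEW_POOL, "192.168.125.100", "192.168.125.120"))
    print("collisions after move:",
          dhcp_overlap(NEW_POOL, "192.168.125.70", "192.168.125.110"))
```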
