Hi, I've been pondering my network setup for a while and decided to ask for help. My company has an OpenVPN AS running on an Ubuntu server, and on that server there's also an IPSec tunnel towards a remote gateway between subnets 10.0.1.0/24 <--> 172.30.239.0/25.
OpenVPN client IP pool is 10.0.1.0/24 -- same as the local end of the IPSec tunnel.
I want OpenVPN clients to be able to do
and get their traffic routed through the OpenVPN and then IPSec tunnel. All other traffic should just go through OpenVPN and then to the internet.
The IPSec tunnel works correctly, as I am able to execute
from the OpenVPN AS machine, so it seems there is just some routing/policy missing. I have tried configuring this from the OAS web UI, trial-and-erroring all options that came to mind but with no success. Could you advise? Can this configuration be done just by using the UI or do I need some custom OS-level routes/iptables? If the latter, can you please suggest what those should be?
More information about this case is described in this question:
https://serverfault.com/questions/10649 ... the-server
Thank you in advance!