OpenVPN over IPsec?

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
bsdwiz
OpenVpn Newbie
Posts: 2
Joined: Tue Apr 05, 2011 7:12 pm

OpenVPN over IPsec?

Post by bsdwiz » Tue Apr 05, 2011 7:16 pm

Is it possible to run OpenVPN over IPsec? By this I mean I first connect into the office using a an IPsec VPN client. Then, once connected I launch OpenVPN gui client and connect to another vpn server running OpenVPN. I've attempted this and I get an IP from the OpenVPN server but that's about it. It stops routing traffic but I stay connected to both the IPsec vpn and the OpenVPN. Also, when I'm in the office and I simply connect to the OpenVPN server from the LAN everything works as expected.

Any help is appreciated.

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: OpenVPN over IPsec?

Post by janjust » Wed Apr 06, 2011 7:19 am

yes this is possible (I've done it in the past).
It depends, of course, on your openvpn setup. Don't use 'redirect-gateway' initially and see if you can reach the VPN endpoint.
Once that is working think about routing.

bsdwiz
OpenVpn Newbie
Posts: 2
Joined: Tue Apr 05, 2011 7:12 pm

Re: OpenVPN over IPsec?

Post by bsdwiz » Thu Apr 07, 2011 10:55 pm

hmm, can't seem to get it to work. If I disable the redirect-gateway the traffic destined for the internet will work but I can't ping anything on the local network that I've specified in the openvpn server config.

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: OpenVPN over IPsec?

Post by janjust » Fri Apr 08, 2011 10:21 am

without your server setup it is impossible to tell exactly what is going on.
If the server-side LAN cannot be reached then either add a route to the server-side GW to make sure that replies for the VPN traffic are sent back to the VPN server , or add masquerading on the VPN server to make it appear as if all traffic is coming from the VPN server itself.

If you can ping the VPN server IP from the client via the IPsec connection then you've proven for yourself that OpenVPN over IPsec does work. The rest is down to routing.

Post Reply