I have an OpenVPN server and client configured on two OpenWrt routers and the connection is working. I'm trying to tunnel through this OpenVPN connection via an IPSEC VPN client and it connects. I can ping and access some machines on the network but cannot access some critical machines, and I can RDP to one machine I need to use but the connection drops shortly after.
Am I trying to achieve something that is not possible? Are the two protocols causing too much latency?
I can OpenVPN from location 1 and browse the internet as if I am in location 2.
PC@location1 -> router with OpenVPN client -> internet -> router with OpenVPN server@location2 -> internet
Now I want to tunnel through that working connection to connect to an IPSEC VPN server that won't allow connections from location1.
IPSEC VPN Client installed on PC@location1 -> router with OpenVPN client -> internet -> router with OpenVPN server@location2 -> internet -> IPSEC VPN Server -> local network
Tunnel IPSEC VPN through OpenVPN?
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sat Aug 21, 2021 4:20 am
- openvpn_inc
- OpenVPN Inc.
- Posts: 1332
- Joined: Tue Feb 16, 2021 10:41 am
Re: Tunnel IPSEC VPN through OpenVPN?
Hi Rob22,
I doubt it's due to the multiple protocols in use, but sure, too much latency hurts something like RDP. If you managed to connect at all, that means your routing is correct on both sides.
Regards, rob0 (or rob$((22-22)) perhaps)
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Jul 18, 2024 8:10 am
Re: Tunnel IPSEC VPN through OpenVPN?
Same question, on Linux, outer tunnel should be OpenVPN, inner tunnel should be IPSEC by vpnc. vpnc is failing.
I'm quite sure it's because of the MTUs.
The only way I got it working: An Android device doing wireless client and also access point, establishing the OpenVPN and sharing via access point. The Linux machine's wifi interface set to MTU 1200, then doing vpnc.
I tried doing the same on the Linux client only. First establishing the OpenVPN, then starting vpnc with --ifmtu 1200. First it connects and I'm able to ping clients behind, but soon after it stops working with
Code:
vpnc: quick mode response rejected: (ISAKMP_N_INVALID_MESSAGE_ID)(9)
The difference is that only the tun interface gets MTU 1200. Before, when using the Android device as router, I can set the physical interface to MTU 1200. Any idea how to achieve that on the Linux machine only?
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Jul 18, 2024 8:10 am
Re: Tunnel IPSEC VPN through OpenVPN?
Talking at #openvpn we got some things clearer now. If establishing the inner vpnc tunnel fails then it is never about the vpnc MTU because this only affects the tunneled data. It can only be about the outer OpenVPN MTU. This is 1300 by default, set by the administrator's OpenVPN config. I just set it to 1200 now and the vpnc seems to work. But why exactly? And which is the best MTU? Just increasing until it fails and then setting -1?
What happens if an MTU is too large? Decreasing MTU actually would only lead to fragmented packets and degraded throughput, but why is some tunneled connection failing at all?
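An added example, not part of the original posts: rather than raising the MTU by hand until it fails, this script binary-searches the largest IPv4 packet that reaches a host with the Don't Fragment bit set. It assumes Linux iputils `ping` (`-M do`) and a target that answers ICMP echo; `probe` and `find_path_mtu` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest IPv4 packet that
# crosses a path unfragmented, using Don't-Fragment pings and binary search.
# Run it while the outer OpenVPN tunnel is up, against a host reached through
# it, so the probes see the same path the inner tunnel's packets will take.

# probe SIZE HOST: succeed if an IPv4 packet of SIZE bytes (total) reaches
# HOST with DF set. ICMP payload = SIZE - 28 (20-byte IP + 8-byte ICMP header).
# Assumption: Linux iputils ping; replace this function on other systems.
probe() {
    ping -M do -c 1 -W 1 -s "$(( $1 - 28 ))" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: print the largest size in [LOW, HIGH] for
# which probe succeeds. Returns 1 if even LOW fails (host down, ICMP filtered).
find_path_mtu() {
    host=$1 lo=${2:-576} hi=${3:-1500}
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        # Round up so the loop always makes progress when hi = lo + 1.
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid            # mid fits: the answer is mid or larger
        else
            hi=$(( mid - 1 ))  # mid was dropped: the answer is smaller
        fi
    done
    echo "$lo"
}

# Stand-alone use: sh pmtu.sh <host> [low] [high]
if [ -n "${1:-}" ]; then
    find_path_mtu "$@" || {
        echo "no reply even at the lowest size; cannot measure" >&2
        exit 1
    }
fi
```

The printed value is a whole-packet size on the probed path; any MTU configured for a tunnel carried over that path has to leave room for that tunnel's own headers.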
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Jul 18, 2024 8:10 am
Re: Tunnel IPSEC VPN through OpenVPN?
I got it working somehow by setting MTU 1300 on the physical interface.