I think I've read somewhere that this is possible but wanted to post and get a definitive answer. I have several sites running site-to-site openvpn tunnels (routed mode using tun on Linux) and users at each site can access resources using Windows 7 behind one site from any of the sites.
clients (Win7, etc) -- openvpn client (Linux) ------ tunnel ------- openvpn server (Linux) -- resource servers (IIS mostly, some Apache)
I now want to further the security on these resources by using IPSEC policies - essentially the authorized clients will have to have matching ipsec policies to be able to access the resources. This traffic still needs to route over the site-to-site link.
Can clients using ipsec policies still pass traffic over the site-to-site tunnels? What changes might be needed to ovpn conf, IPTables, etc?
Thanks in advance
