Routing OpenVPN traffic through IPsec tunnel

Hi,

I configured my OpenVPN to connect my iPhone via VPN. Also, I configured a Site-to-Site IPSec tunnel to a FritzBox Lan (Trying to set up IPsec Tunnel NS->Fritzbox).

Now I connected my iPhone via VPN and I was wondering why I can't reach the devices in the Fritzbox Lan which is connected via IPsec.

Can anybody tell me which route I have to define to make it work?

No idea?

Maybe @harry @EddieA @Hunv or @davide_marini could help you!

Hi prostream,
there are many things to control…
First of all: in your IPsec tunnel you should also declare the OpenVPN network, otherwise the packets won’t flow in the IPsec tunnel.
In the NethServer you can do it easily just by adding the OpenVPN network (in CIDR notation) after the green one; they just need to be comma separated.
In the Fritzbox you should do the same, but I don’t know in which way because I don’t know the Fritzbox.

Once you have added this network, just try to reach some hosts over the IPsec tunnel. If you can’t do it, it’s possible that some personal firewall or AV on the destination host is blocking packets from non-local networks…
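
The point of the reply above, as an added example that is not part of the original thread: a packet enters the tunnel only if its source and destination both match a declared subnet pair, so OpenVPN clients are not covered until their network is declared too. The addresses are the ones listed later in the thread; the /24 mask on the OpenVPN network, the host addresses, and the use of libreswan's `leftsubnets=` form to declare the second local network are assumptions.

```python
import ipaddress

# Constructed sample: the conn section from the thread, reduced to its selectors.
SAMPLE_CONN = """
conn Site-to-Site
        leftsubnet=192.168.177.0/24
        rightsubnet=192.168.179.0/24
"""

# Constructed variant: OpenVPN network (assumed 172.16.1.0/24) added on the local side.
EXTENDED_CONN = SAMPLE_CONN.replace(
    "leftsubnet=192.168.177.0/24",
    "leftsubnets={192.168.177.0/24,172.16.1.0/24}",
)


def parse_selectors(conn_text):
    """Return (local_nets, remote_nets) from leftsubnet(s)/rightsubnet(s) lines."""
    nets = {"left": [], "right": []}
    for line in conn_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        for side in ("left", "right"):
            if key in (side + "subnet", side + "subnets"):
                # Accept a single CIDR or a {a,b} / {a b} list.
                for cidr in value.strip("{}").replace(",", " ").split():
                    nets[side].append(ipaddress.ip_network(cidr))
    return nets["left"], nets["right"]


def tunnel_covers(conn_text, src, dst):
    """True if a packet src -> dst matches one local/remote selector pair."""
    local, remote = parse_selectors(conn_text)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in net for net in local) and any(d in net for net in remote)


if __name__ == "__main__":
    for name, conn in (("original", SAMPLE_CONN), ("extended", EXTENDED_CONN)):
        for src in ("192.168.177.50", "172.16.1.6"):  # LAN host, OpenVPN client
            print(name, src, "->", "192.168.179.10",
                  tunnel_covers(conn, src, "192.168.179.10"))
```

The remote peer has to declare the mirrored pair as well, otherwise the two sides do not agree on the selectors and return traffic has no matching policy.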

Hi @davide_marini
Sorry for the late response.

My IPSec configuration looks like this:

config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:192.168.179.0./24,%v4:192.168.177.0./24
        oe=off
        # Enable this if you see "failed to find any available worker"
        # nhelpers=

conn Site-to-Site
        authby=secret
        auto=add
        type=tunnel
        aggrmode=yes
        left=%defaultroute
        leftid=@MYDYNDNSNAME
        leftnexthop=%defaultroute
        leftsourceip=192.168.177.21
        leftsubnet=192.168.177.0/24
        right=%any
        rightsubnet=192.168.179.0/24
        rightid=@EXTERNALDYNDNSNAME
        ike=aes256-sha1;modp1024
        phase2=esp
        phase2alg=aes256-sha1;modp1024

So can you tell me where to declare the openvpn network?

The nethserver “trusted networks” shows this:

172.16.1.0 is my OpenVPN virtual network.
192.168.177.0 is my LAN
192.168.179.0 is the other site LAN
192.168.78.0 is a test network for IPSec Client-to-Site

Which green network did you mean?
Do you mean to add it here?:

I cannot add a network behind my LAN IP address of the green device. There is an error message: