Hi prostream,
There are many things to control…
First of all: in your IPsec tunnel you should also declare the OpenVPN network, otherwise the packets won’t flow in the IPsec tunnel.
In NethServer you can do it easily by just adding the OpenVPN network (in CIDR notation) after the green one; they just need to be comma-separated.
On the Fritzbox you should do the same, but I don’t know how, because I don’t know the Fritzbox.
Once you have added this network, just try to reach some hosts over the IPsec tunnel. If you can’t, it’s possible that some personal firewall or AV on the destination host is blocking packets from non-local networks…
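The check this advice implies, as an added example that is not part of the original post: it parses an ipsec.conf-style file and reports whether a source network falls inside the tunnel's declared left-side selectors. It assumes Openswan/Libreswan syntax (`leftsubnet`, `leftsubnets={...}`), a /24 mask for the OpenVPN network 172.16.1.0, and a constructed sample file; the function names are hypothetical.

```python
import ipaddress

# Constructed sample modelled on the thread's addressing (not the poster's file).
SAMPLE_CONF = """\
conn Site-to-Site
    leftsubnet=192.168.177.0/24
    rightsubnet=192.168.179.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line: # indented key=value in a conn
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def local_selectors(conn):
    """Networks declared on the left side: leftsubnet and/or leftsubnets={...}."""
    nets = []
    if "leftsubnet" in conn:
        nets.append(conn["leftsubnet"])
    nets += conn.get("leftsubnets", "").strip("{}").replace(",", " ").split()
    # strict=True rejects malformed or host-bit CIDRs with ValueError
    return [ipaddress.ip_network(n, strict=True) for n in nets]

def covered(conf_text, conn_name, source_net):
    """True if source_net lies inside one of the conn's left-side selectors."""
    src = ipaddress.ip_network(source_net)
    selectors = local_selectors(parse_conns(conf_text)[conn_name])
    return any(src.subnet_of(net) for net in selectors)

if __name__ == "__main__":
    # LAN is declared; the OpenVPN network (assumed /24) is not.
    for net in ("192.168.177.0/24", "172.16.1.0/24"):
        state = "covered" if covered(SAMPLE_CONF, "Site-to-Site", net) else "NOT covered"
        print(net, state)
```

The same network must also be declared on the remote peer, otherwise the two sides' selectors do not match.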
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:192.168.179.0/24,%v4:192.168.177.0/24
    oe=off
    # Enable this if you see "failed to find any available worker"
    # nhelpers=

conn Site-to-Site
    authby=secret
    auto=add
    type=tunnel
    aggrmode=yes
    left=%defaultroute
    leftid=@MYDYNDNSNAME
    leftnexthop=%defaultroute
    leftsourceip=192.168.177.21
    leftsubnet=192.168.177.0/24
    right=%any
    rightsubnet=192.168.179.0/24
    rightid=@EXTERNALDYNDNSNAME
    ike=aes256-sha1;modp1024
    phase2=esp
    phase2alg=aes256-sha1;modp1024

So can you tell me where to declare the openvpn network?
172.16.1.0 is my OpenVPN virtual network.
192.168.177.0 is my LAN
192.168.179.0 is the other site LAN
192.168.78.0 is a test network for IPSec Client-to-Site
Which green network did you mean?
Do you mean to add it here?: