Hello, I have two tunnels connected to a VyOS router: one is OpenVPN and the second is a traditional site-to-site IPsec tunnel.
(10.24.33.0/24) Network A ---- (OpenVPN) ---- VyOS ---- (VPN/IPsec) ---- Network B (192.168.44.0/24)
Public Internet (eth0, 51.15.17.11) ---- VyOS ---- Network C (eth1, 192.168.33.1/24)
I have successfully created tunnels from Network A to VyOS and from Network B to VyOS.
OpenVPN configuration:

```text
openvpn vtun10 {
    encryption {
        cipher aes256
    }
    local-port 1194
    mode server
    openvpn-option duplicate-cn
    persistent-tunnel
    protocol udp
    server {
        push-route 192.168.33.0/24 {
        }
        push-route 192.168.44.0/24 {
        }
        subnet 10.24.33.0/24
    }
    tls {
        ca-cert-file /config/auth/ovpn/ca.crt
        cert-file /config/auth/ovpn/Server-01.crt
        dh-file /config/auth/ovpn/dh.pem
        key-file /config/auth/ovpn/Server-01.key
    }
    use-lzo-compression
}
```
Site-to-site configuration:

```text
site-to-site {
    peer 11.12.13.14 {
        authentication {
            mode pre-shared-secret
            pre-shared-secret ****************
        }
        connection-type initiate
        ike-group SiteSCW-ike
        ikev2-reauth inherit
        local-address 10.68.82.75
        tunnel 0 {
            allow-nat-networks disable
            allow-public-networks disable
            esp-group SiteSCW-esp
            local {
                prefix 192.168.33.0/24
            }
            remote {
                prefix 192.168.44.0/24
            }
        }
    }
}
```
When I connect to the OpenVPN server (51.15.17.11), I'm able to ping/access only devices on the 192.168.33.0/24 subnet, but I also have to have access to devices on the 192.168.44.0/24 network, which is at the other end of the site-to-site tunnel.
Likewise, I cannot ping an OpenVPN device from any device behind 192.168.44.0/24, but at the same time I can easily ping from 192.168.44.0/24 to 192.168.33.0/24.
I'm not sure why there is no routing between the vtun10 and eth1 interfaces by default. How could I solve the routing issue between the tunnels?
Thanks.
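The setup above uses a policy-based IPsec tunnel, so only packets whose source and destination fall inside the `local`/`remote` prefix pair of `tunnel 0` (192.168.33.0/24 to 192.168.44.0/24) are ever encrypted into the tunnel; packets from the OpenVPN client subnet 10.24.33.0/24 match no selector and never enter it. As an added example (not from the original post), the following adds a second selector for the OpenVPN subnet on the same peer; the peer address and esp-group name come from the post, and tunnel number 1 is assumed to be unused. The remote side must add the mirror-image selector (local 192.168.44.0/24, remote 10.24.33.0/24), or the new SA will not negotiate.

```vyos
# Added example, not the original poster's configuration.
# Second traffic selector on the existing peer: OpenVPN clients <-> Network B.
set vpn ipsec site-to-site peer 11.12.13.14 tunnel 1 esp-group SiteSCW-esp
set vpn ipsec site-to-site peer 11.12.13.14 tunnel 1 local prefix 10.24.33.0/24
set vpn ipsec site-to-site peer 11.12.13.14 tunnel 1 remote prefix 192.168.44.0/24
commit
save

# Check: both tunnels (0 and 1) should show an established child SA.
run show vpn ipsec sa
```

After the peer has the matching selector, a ping from an OpenVPN client to a 192.168.44.x host should increment the packet counters of tunnel 1 rather than tunnel 0 in `show vpn ipsec sa`.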