Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Remote OVPN Client access devices in Remote LAN over OpenVPN Site2Site link?

    Scheduled Pinned Locked Moved OpenVPN
    openvpnopenvpn clientsite-to-siterouting
    4 Posts 2 Posters 1.5k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      mpcjames
      last edited by

      Hello, I’m wondering if anyone can shed any light on the below issue, please….

      I am having troubles trying to enable clients (who are remotely connected via OpenVPN client to Site A), to be able to access devices on Site B via an established Site2Site OpenVPN.

      Here’s my current setup:

      Site A (HQ)
      Pfsense LAN IP 10.10.1.1/24
      OpenVPN Server setup in pfsense with tunnel network as 10.0.8.0/24
      Remote Networks set in OpenVPN server config as 10.10.2.0/24

      Site B (BRANCH)
      Pfsense LAN IP 10.10.2.1/24
      OpenVPN Client setup in pfsense with tunnel network as 10.0.8.0/24
      Remote Networks set in OpenVPN server config as 10.10.1.0/24

      The above setup works fine, and devices situated in either site can access all devices on the opposite site through the VPN - perfect.

      At Site A, I also have a second OpenVPN Server setup in pfsense. This is for remote staff with username/password etc.
      It has a tunnel network of 10.0.7.0/24.
      And Remote Networks set in OpenVPN server config as 10.10.1.0/24.

      Windows clients are able to use the OpenVPN client to connect to Site A, and access all resources on the Site A LAN (10.10.1.0/24) - perfect.

      However, I now have a requirement that remote staff need to be able to access devices on Site B, whilst they are connected to the Site A VPN.

      I’m struggling to get the routing correct and wondered if anyone had any ideas, please?

      Currently from a Client connected over the VPN to Site A, I can ping any device in Site A LAN, and I can ping the tunnel interface IP (10.0.7.1). I am also able to ping the other OpenVPN tunnel interface, for the Site2Site VPN, on IP 10.0.8.1 , however I am not able to ping the remote side of that Site2Site link (10.0.8.2). Nor can I ping any devices on the Site B subnet (10.10.2.1/24).

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ Offline
        johnpoz LAYER 8 Global Moderator @mpcjames
        last edited by

        @mpcjames well you need to make sure in this 2nd instance that you list the networks you need to get to..

        This would be the site b network 10.0.2/24 and on site B you would have to setup to get to the other instance tunnel network 10.0.7/24 you need to go down the vpn connection.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

        M 1 Reply Last reply Reply Quote 1
        • M Offline
          mpcjames @johnpoz
          last edited by

          @johnpoz
          That's great thank you, I was just missing the return tunnel network of 10.0.7.0/24 on Site B.
          All working 👍

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator @mpcjames
            last edited by

            @mpcjames glad I could help.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.