Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Need a mobile client OpenVPN to reach a site behind another Openvpn site-2-site

    OpenVPN
    3
    4
    324
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • shepradorS
      sheprador
      last edited by

      Openvpn.drawio.png

      Hello,
      I need to be able to do with OpenVPN something that I used to do with IPSec, which there is called "Hub and spoke": with a laptop I connect to site A and see the LAN, without problems. (all traffic from the client is routed through the VPN as soon as it is established).
      Now, Site A is also connected with Site B via a site-to-site VPN.
      I would like the client that connects to Site A (192.168.0.0.(24) to also be able to reach the networks of Site B (192.168.30.0/24,10.100.0.0/24 and 10.150.0.0/24).
      Do you know if and how it is possible to do this?
      Thank you

      V JKnottJ 2 Replies Last reply Reply Quote 0
      • V
        viragomann @sheprador
        last edited by

        @sheprador said in Need a mobile client OpenVPN to reach a site behind another Openvpn site-2-site:

        with a laptop I connect to site A and see the LAN, without problems. (all traffic from the client is routed through the VPN as soon as it is established).

        You mean, all upstream traffic is routed through the VPN, i.e. you have checked "redirect gateway" in the server settings.

        Then you need to route the remote access server tunnel network from B to A.
        How to do this, depends on the site-to-site setup. Assuming A is the server, just add the tunnel road warrior tunnel network to the remote networks at B.

        shepradorS 1 Reply Last reply Reply Quote 1
        • JKnottJ
          JKnott @sheprador
          last edited by JKnott

          @sheprador

          You'll have to ensure there's a route from the mobile client to B. Normally, you'd manually configure a route to B from A. The client will use A as the default route and then A will forward packets to B and back.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          1 Reply Last reply Reply Quote 0
          • shepradorS
            sheprador @viragomann
            last edited by

            @viragomann

            Thank you. It worked following your indication.

            For the benefit of others I add that I did this.

            On the server - which is Site B in the schema - I added the CIDR of the client remote access VPN tunnel (10.10.10.0/24).

            Then in VPN / OpenVPN / edit the VPN Server and
            add 10.10.10.0/24 in IPv4 Remote network(s)

            Then, in VPN / OpenVPN / Client Specific Overrides I had to add the exact same thing in (10.10.10./24 IPv4 Remote Network/s)

            If I had added the tunnel route only in the server configuration or only in Client Specific Overrides I saw that it didn't work.

            thank you very much

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.