Netgate Discussion Forum

    Routing to site via site

      l0rdrav3n

      I'm trying to find out how to route from (Site A) to (Site C) using (Site B).

      ![routing pfsense.png](/public/imported_attachments/1/routing pfsense.png)

        heper

        The usual way, I guess … by adding routes.

        Perhaps you should state the exact problem.

          l0rdrav3n

          What I'm trying to do is use OpenVPN into one site, and still be able to access the other 2 sites. I don't actually know how to set up the routes. I have one pfSense at my house that I want to use as the OpenVPN server, and then I have 2 site-to-sites running, one to my friend's house, and one to my office at work.

            viragomann

            @l0rdrav3n:

            What I'm trying to do is use OpenVPN into one site

            In the picture above you wrote that both tunnels are IPSec; here you write they're OpenVPN. Now what?
            Since the routing settings are to be done in the VPN, you have to declare.

              l0rdrav3n

              OK, sorry, let me clarify. The site-to-site is done using IPsec; the road warriors are using OpenVPN.

              So, OpenVPN to the site 192.168.90.x, 9.0 is IPsec to 90.0 and 33.0 is IPsec to 90.0, as in my simple diagram. The main site is the small circle with the 90.0/23 subnet.

              I want to set up routes so that OpenVPN connects to 90.0, yet can access machines on the 9.0 and the 33.0 subnets.

                viragomann

                So you need to route the OpenVPN tunnel addresses back to the head office over the IPSec tunnels.

                I'm not very familiar with IPSec, I only use OpenVPN. However, as far as I know, you can achieve this by adding a second phase 2 setup for the additional subnet to the config on both sites.
                I.e., on the head office, add a second phase 2 to each IPSec VPN, same as the first one except at "Local Network" enter the OpenVPN access server's tunnel subnet.
                Also, on each remote IPSec tunnel endpoint, add an additional phase 2, same as the first except at "Remote Network" enter the OpenVPN tunnel network.

                Hope this helps, otherwise it'd be better to ask for help on this in the IPSec forum: https://forum.pfsense.org/index.php?board=16.0

                  Derelict LAYER 8 Netgate

                  172.16.33.0**/16** ??

                  You need IPsec Phase 2 entries for both LANs to the OpenVPN tunnel network.

                  And the OpenVPN clients need to know to pass traffic for those remote LANs to the OpenVPN tunnel. If you are using redirect gateway, that should already be happening. If not, you need to push those routes to the clients.

                  As always, firewall rules have to pass the traffic as it enters pfSense.

                  Too many inconsistencies in your description to be more specific.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)
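
The Phase 2 and push-route steps from the last two replies, worked through as an added example that is not part of the thread or of pfSense itself. The `plan` and `parse_net` helpers and all addresses in `SAMPLE` are constructed placeholders, not the poster's real subnets; strict parsing rejects an entry such as the 172.16.33.0/16 queried above because its host bits are set.

```python
import ipaddress

def parse_net(label, cidr):
    """Parse a CIDR strictly; reject entries whose host bits are set."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        raise ValueError(f"{label}: {cidr} is not a valid network ({exc})") from exc

def plan(hub_lan, ovpn_tunnel, remote_lans, redirect_gateway=False):
    """Return (extra Phase 2 entries, client push lines) for road warriors on the hub."""
    hub = parse_net("hub LAN", hub_lan)
    tun = parse_net("OpenVPN tunnel", ovpn_tunnel)
    remotes = {name: parse_net(name, cidr) for name, cidr in remote_lans.items()}

    # Overlapping networks make the IPsec traffic selectors ambiguous.
    nets = [("hub LAN", hub), ("OpenVPN tunnel", tun), *remotes.items()]
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                raise ValueError(f"{name_a} {net_a} overlaps {name_b} {net_b}")

    # These are in addition to the existing hub-LAN <-> site-LAN Phase 2 entries.
    phase2 = []
    for name, lan in remotes.items():
        # Hub end of the tunnel to this site: Local Network = OpenVPN tunnel.
        phase2.append(("hub", name, str(tun), str(lan)))
        # Remote end mirrors it: Remote Network = OpenVPN tunnel.
        phase2.append((name, "hub", str(lan), str(tun)))

    # With redirect gateway, clients already send everything into the tunnel.
    push = [] if redirect_gateway else [
        f'push "route {lan.network_address} {lan.netmask}"' for lan in remotes.values()
    ]
    return phase2, push

# Constructed sample addressing for illustration only.
SAMPLE = dict(hub_lan="10.0.90.0/24", ovpn_tunnel="10.8.0.0/24",
              remote_lans={"siteA": "10.0.9.0/24", "siteC": "10.0.33.0/24"})

if __name__ == "__main__":
    entries, pushes = plan(**SAMPLE)
    for where, peer, local, remote in entries:
        print(f"{where:6} -> {peer:6} P2 local={local:14} remote={remote}")
    print("\n".join(pushes))
```

Firewall rules on the OpenVPN and IPsec interfaces still have to pass the traffic; the script only checks addressing and lists the selectors and routes.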

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.