Routing for Multi-Hop VPNs help?
-
Not sure where else to go - except down this rabbit hole...
I am trying to set up where I can VPN Client into my home network VPN Server and have that forwarded to my home network VPN Client that is connected to a remote VPN server. Make sense?
A Multi-Hop VPN configuration.
I have a pfSense 4 port router.
On port 4 is subnet 192.168.3.0/24
It has a VPN Client (ClientA) on 192.168.3.3 and it is set as the Gateway for that subnet.
If it receives destination ip address for any of the local subnets, it forwards them to the pfSense router ip:
192.168.2.0/24 via 192.168.3.1 dev eth0 proto static
192.168.1.0/24 via 192.168.3.1 dev eth0 proto static
Any other ip addresses are forwarded to the VPN server (ServerA)
This all works properly.
I am trying to add a VPN server (ServerB) at 192.168.3.4 with gateway of 192.168.3.3.
I wish to use a remote VPN Client (ClientB) to connect to ServerB and then forward on the packets to ClientA, which sends local network packets to the router and all others to remote ServerA.
I've opened ports via the NAT page to forward the ClientB connection to ServerB.
And I've added a port rule for the ClientB ip address to go straight to the pfSense Router and not ClientA (hoping this sends return packets back to ClientB)
132.32.54.8 via 192.168.3.1 dev eth0 proto static
But all this does not seem to work. It does not connect to ServerB - probably because the return packets are going 'elsewhere'.
I tried moving ServerB to a different subnet (192.168.2.0/24) and I can connect with ClientB and access my home network, but I don't know how to route packets from ServerB across the subnets to ClientA.
These are all my own VPN Clients and Servers so I can change their configurations at any time as needed. It is not possible to connect ClientB directly to ServerA, and I do not wish to explain why.
Please let me know if you need more info or have any ideas what to check or where to go for self-help.
Thank you!
-
@DaHai8 said in Routing for Multi-Hop VPNs help?:
I am trying to set up where I can VPN Client into my home network VPN Server and have that forwarded to my home network VPN Client that is connected to a remote VPN server. Make sense?
In some specific cases, maybe.
What's the sense of running multiple routers and VPN servers and clients on different devices?
It might be easier to set up all these on pfSense.
-
So I moved ServerB back to 192.168.3.4, the same subnet as ClientA (192.168.3.3).
And I changed the default gateway on ServerB to be the pfSense Router (192.168.3.1) instead of the default gateway ClientA.
And that worked...at least I could connect to ServerB from ClientB.
But of course, it did not forward any packets to ClientA and onto ServerB.
So now I'm just trying to figure out how to do that...
-
@DaHai8
Works! Just had to find the correct client ip address to create a routing exception in ServerB!
Woohoo!
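
An added illustration, not part of the thread: a longest-prefix-match trace showing why ServerB's replies to ClientB went "elsewhere" while ClientA was its only gateway, and what a host-route exception changes. It assumes the exception is a /32 route on ServerB for ClientB's public address (132.32.54.8, from the first post); the tables, device-name next hops and the 203.0.113.10 / 192.168.1.20 test destinations are constructed.

```python
import ipaddress

CLIENT_B = "132.32.54.8"  # ClientB's public address, as given in the thread

# Constructed tables. Next hops are device names instead of gateway IPs;
# the on-link 192.168.3.0/24 route is omitted because it is never a next hop here.
CLIENT_A = [
    ("192.168.1.0/24", "pfSense"),
    ("192.168.2.0/24", "pfSense"),
    ("0.0.0.0/0", "tunnel-to-ServerA"),
]
SERVER_B_BEFORE = [("0.0.0.0/0", "ClientA")]            # default gateway = ClientA
SERVER_B_AFTER = SERVER_B_BEFORE + [(CLIENT_B + "/32", "pfSense")]  # assumed exception


def next_hop(table, dst):
    """Return the next hop of the most specific route that contains dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop) for prefix, hop in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(server_b_table, dst):
    """Follow a packet leaving ServerB until it reaches a device we do not model."""
    tables = {"ServerB": server_b_table, "ClientA": CLIENT_A}
    path = ["ServerB"]
    while path[-1] in tables and len(path) < 8:  # hop limit guards against loops
        path.append(next_hop(tables[path[-1]], dst))
    return path


if __name__ == "__main__":
    for label, table in (("before", SERVER_B_BEFORE), ("after", SERVER_B_AFTER)):
        print(label, "reply to ClientB:", " -> ".join(trace(table, CLIENT_B)))
    print("after, internet:", " -> ".join(trace(SERVER_B_AFTER, "203.0.113.10")))
    print("after, home LAN:", " -> ".join(trace(SERVER_B_AFTER, "192.168.1.20")))
```

Keep the exception as narrow as a /32: every destination it covers leaves through pfSense and bypasses the ServerA tunnel, so a wider prefix turns into a leak path for client traffic.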