Site to multisite vpn
-
There are 4 different sites, each with its own IP address on the Internet and running pfSense.
Is it possible to link them all together with VPNs through pfSense? How can it be done?
-
It is possible. I would do a mesh for this situation (add a tunnel from each location to each location) to keep traffic only between the locations the traffic belongs and to reduce delays.
So it would look like:
location 1 has tunnels to location 2,3,4
location 2 has tunnels to location 1,3,4
…
Make sure each location has a unique lan subnet.
-
ahh ok cool
but technically if I do:
location 1 -> tunnel to location 2
location 2 -> tunnel to location 3
location 3 -> tunnel to location 4
location 4 -> tunnel to location 1
then there will still be connectivity because of the so-called shared route between all of these,
so that would work too, right?
-
No, as the tunnel definition only matches the 2 subnets, local and remote, of the tunnel, it would only pass traffic between
1-2
2-3
3-4
4-1
Traffic between
1-3
1-4
2-4
…
wouldn't work.
You really should build a mesh unless you want to have a lot of parallel tunnels, which also leads to shutting down bandwidth at a location where the traffic doesn't belong, as it is going in and out there.
-
Yeah, had sth like the mentioned question at some customer's location. That was really weird, as you sat in the net of, let's say #2 and #1 transferred large amounts of data through #2 to subnet #3. The guys'n'gals at location #2 always wondered why their net connection is that damn lame ;)
For the sake of bandwidth you should really consider Hoba's recommendation :)
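
A planning sketch for the mesh discussed in this thread, added here as an example and not code from any of the posters or from pfSense: it checks that the LAN subnets are unique, lists the tunnels a full mesh needs, and shows which site pairs have no tunnel matching both of their subnets when only the chain 1-2, 2-3, 3-4, 4-1 is built. The site names and the 10.x.0.0/24 subnets are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample sites; names and subnets are assumptions for illustration.
SITES = {
    "location1": "10.1.0.0/24",
    "location2": "10.2.0.0/24",
    "location3": "10.3.0.0/24",
    "location4": "10.4.0.0/24",
}

def overlapping_lans(sites):
    """Return pairs of sites whose LAN subnets overlap (should be empty)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def mesh_tunnels(sites):
    """One tunnel per pair of sites: n*(n-1)/2 tunnels in total."""
    return list(combinations(sorted(sites), 2))

def ring_tunnels(sites):
    """The chain 1->2->3->4->1 proposed in the thread."""
    names = sorted(sites)
    return [tuple(sorted((names[i], names[(i + 1) % len(names)])))
            for i in range(len(names))]

def unreachable_pairs(sites, tunnels):
    """Site pairs with no tunnel whose local/remote subnets match both LANs.

    A tunnel definition only matches its own two LAN subnets, so a chain of
    tunnels through a third site does not carry traffic for that pair.
    """
    covered = {tuple(sorted(t)) for t in tunnels}
    return [p for p in combinations(sorted(sites), 2) if p not in covered]

if __name__ == "__main__":
    clashes = overlapping_lans(SITES)
    if clashes:
        raise SystemExit(f"LAN subnets must be unique, overlapping: {clashes}")
    print("mesh tunnels:", mesh_tunnels(SITES))
    print("ring leaves without a tunnel:",
          unreachable_pairs(SITES, ring_tunnels(SITES)))
```
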