Site to multisite vpn

lir · Jul 6, 2006, 10:57 AM

There are 4 different sites, each with it's own IP address on the Internet and running PFsense.
Is it possible to link them all together with vpns through pfsense?

How can it be done?

hoba · Jul 6, 2006, 11:15 AM

It is possible. I would do a mesh for this situation (add a tunnel from each location to each location) to keep traffic only between the locations the traffic belongs and to reduce delays.

So it would look like:
location 1 has tunnels to location 2,3,4

location 2 has tunnels to location 1,3,4

…

Make sure each location has a unique lan subnet.

lir · Jul 6, 2006, 12:04 PM

ahh ok cool
but technically if i do:

location 1 -> tunenl to location 2
location 2 -> tunnel to location 3
location 3 -> tunnel to location 4
location 4 -> tunnel to location 1

then there will still be connectivity because of the so called shared route between all of these,
so that would work too, right?

hoba · Jul 6, 2006, 3:16 PM

No, as the tunneldefiniton only matches the 2 subnets local and remopte of the tunnel it only would pass traffic between
1-2
2-3
3-4
4-1

Traffic between
1-3
1-4
2-4
…
wouldn't work

You really should build a mesh unless you want to have a lot of parallel tunnels which also leads to shutting down bandwidth at a location where the traffic doesn't belongs as it is going in and out there.

JeGr · Jul 7, 2006, 7:44 AM

Yeah, had sth like the mentioned question at some customers location. That was really weird, as you sat in the net of, let's say #2 and #1 transferred large amounts of data thorugh #2 to subnet #3. The guys'n'gals at location #2 always wondered, why their net connection is that damn lame ;)

For the sake of bandwith you should really consider Hobas recommendation :)