Routing client1 –> VPN1 --> PF1 --> VPN2 --> PF2 --> client2

tyllee · Aug 10, 2011, 8:20 AM

I need help with routing:
client1 (RW1) Net D –> VPN1 Net D --> PF1 --> VPN2 Net E --> PF2 --> client2 Net B

Info:
PF1= PfSense 2.0 local net C
PF2= PfSense 1.2.3 local network B
RW1= Roadwarrior asigned network A from PS1
VPN1=OpenVPN multiple clients Net D
VPN2=OpenVPN site-to-site Net E

Setup:
This OpenVPN route all traffic is working:
RW1 –> VPN1 --> PF1
client1 (Rw1) can ping local-IF Net C at PF1

This OpenVPN site-to-site is working:
PF1 --> VPN2 --> PF2 (Net B)
client 2 can ping local-IF Net C at PF1

Question:
How should I make Client1 (RW1) able to ping Client2?

Client1 (RW1) –> ping --> Client2?

Regards,
Marc

GruensFroeschli · Aug 10, 2011, 10:41 AM

It's simply a matter of setting the correct routes on all the involved devices.

Make sure the roadwarriors get pushed all the needed routes.
Make sure the pf2 knows the route to the roadwarrior subnet.

tyllee · Aug 11, 2011, 5:48 PM

Yes, it was simple.

In PF1 I defined the route
net B using GW lan-if-PF1

In PF2 I defined the route
net D using GW lan-if-PF1

And in OpenVPN i pushed net B to the clients.

tyllee · Nov 8, 2011, 6:35 PM

It's not working after an upgrade of PF2 from 1.2.3 to 2.0…

What am I doing wrong.

All the settings is the same but PF2 is complaining about my gateway that routes traffic to RW1 that it is on the wrong subnet...

The settings is exactly the same as in PF2(1.2.3) but now it's not accepting the gateway that I've been using.

Should I create some kind of VLAN-interface or where is the problem?

I'm trying to set up the routing from PF2-lan to RW1...

Settingup gateway in PF2 (2.0)

Choose which interface this gateway applies to.
LAN net B

Name
Gateway1

Gateway
VPN1-lan-if

Why must VPN1-lan-if be on the same subnet to make PF accept this?

Routing client1 –> VPN1 --> PF1 --> VPN2 --> PF2 --> client2

Settingup gateway in PF2 (2.0)

Gateway VPN1-lan-if

Gateway
VPN1-lan-if