
Inherited Client moving from MPLS to VPN

Firewalling

rickh925
last edited by Nov 25, 2013, 4:54 AM

Hopefully this is the right forum. I've used pfSense for some time with other clients, but not quite at this level. I inherited a client literally from a guy that died. :'(

    The current configuration is two offices with 20-25 workstations each, ESXi at both locations, Exchange at Location 1. Most workstations are using static IPs although as I am joining them to the Win2k8 domain I am converting them to DHCP. There is an MPLS link between the two locations as shown below. Location 2 routes all traffic through Location 1 then onto the Internet. There are lots of reasons to get away from this and give Internet connectivity to both offices directly. So, they have added BrightHouse 70/5 to both locations and want me to link them together with a VPN/firewall. The new connections are just terminated at the modems at each location so the cart isn't completely in front of the horse.

    I don't really want to change the IP ranges (Location 1 is 10.0.0.0/24 and Location 2 is 10.0.1.0/24). Both locations need to use server resources at the other location. I can summarize them as 10.0.0.0/22 so I do plan to stay with these ranges unless someone has a better solution.

    I can use anything for the site-to-site link but need to also have mobile VPN capability for about 5 users with access to both locations without having to VPN into each Location depending on where they need resources. I think that will be no problem if the mobile user VPNs to Location 1 and needs resources at Location 2 but I need to look into that a little more.

Anyway, if anyone has any suggestions I'm open. I have an ESXi 5 server at each location with two open NICs that I plan to use for pfSense.

    Rick

phil.davis
last edited by Dec 6, 2013, 1:07 PM

This should be no problem to implement. I use OpenVPN and a site-to-site link between those 2 subnets is easy. I have 2 main offices like that (plus branches) and put a road warrior OpenVPN server listening at each main office. Users can have the OpenVPN client installed with 2 configs, for connection to either office, so if one is down they can try the other. Give each Road Warrior server a subnet and include that wherever you mention a remote office LAN in the "Remote Networks" box when you set up the OpenVPN link/s. That way Location 2 can have a route to Location 1 LAN and Location 1 Road Warrior subnets, and vice versa.

      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
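The route plan phil.davis describes, worked through as an added example (not code from the thread or from pfSense): the two LANs are the ones Rick gave, the two road-warrior subnets (10.0.2.0/24 and 10.0.3.0/24) are assumptions chosen so that Rick's 10.0.0.0/22 summary still covers everything, and the script builds each site's "Remote Networks" list and the routes each road-warrior server must push, after checking that no subnet overlaps another.

```python
import ipaddress

# Constructed plan. LANs are from the thread; the road-warrior (rw) subnets
# are assumptions picked inside the 10.0.0.0/22 summary Rick proposed.
SITES = {
    "loc1": {"lan": "10.0.0.0/24", "rw": "10.0.2.0/24"},
    "loc2": {"lan": "10.0.1.0/24", "rw": "10.0.3.0/24"},
}
SUMMARY = ipaddress.ip_network("10.0.0.0/22")


def check_no_overlap(sites):
    """Every LAN and road-warrior subnet must be disjoint; an overlap would
    silently blackhole traffic for one of them once routes are installed."""
    nets = [ipaddress.ip_network(n) for s in sites.values() for n in s.values()]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping subnets: {a} and {b}")
    return nets


def remote_networks(sites, local):
    """Contents of the site-to-site tunnel's "Remote Networks" box at `local`:
    the other office's LAN plus its road-warrior subnet, so that mobile users
    connected to the far office are reachable from this LAN too."""
    other = next(name for name in sites if name != local)
    return [sites[other]["lan"], sites[other]["rw"]]


def rw_push_routes(sites, local):
    """Routes the road-warrior server at `local` pushes to its clients: both
    office LANs, so a user connected to one office reaches resources at the
    other without a second VPN session (the concern in the first post)."""
    routes = []
    for site in sites.values():
        net = ipaddress.ip_network(site["lan"])
        routes.append(f'push "route {net.network_address} {net.netmask}"')
    return routes


def covered_by_summary(sites, summary):
    """True if a single summary route (e.g. 10.0.0.0/22) reaches every subnet."""
    return all(ipaddress.ip_network(n).subnet_of(summary)
               for s in sites.values() for n in s.values())


if __name__ == "__main__":
    check_no_overlap(SITES)
    for site in SITES:
        print(site, "Remote Networks:", ", ".join(remote_networks(SITES, site)))
        print(site, "road-warrior pushes:", rw_push_routes(SITES, site))
    print("summary covers all:", covered_by_summary(SITES, SUMMARY))
```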

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.