Branch Office over MPLS

rickh925

I have been trying to get a connection from my main office to my branch office over OpenVPN to stabilize over the last month. In the mean time, I want to revert back to the MPLS link that is still active. Let me illustrate my network (setup before I arrived on the scene…). I searched, but can't quite find the scenario I'm working with as you will see below (MPLS IP address).

Home office:
10.0.0.0/24 (em1)
Gateway is 10.0.0.254 connected to BrightHouse 74.x.x.x (em0)
OpenVPN interface is 10.0.8.1
10.0.0.47 (em2) connected to MPLS interface 10.0.0.100 (disconnected at the moment)

Branch Office:
10.0.1.0/24 (em1)
Gateway is 10.0.1.254 connected to BrightHouse (em0)
OpenVPN interface is 10.0.8.2
MPLS interface is 10.0.1.100 (disconnected at the moment)

I want to keep the BrightHouse Internet at the Home office and route all traffic from the Branch Office over MPLS to the Home Office for either the 10.0.0.0/24 network or the Internet. I tried this by setting a static route from the Home office to Branch over the MPLS via em2, but I suspect that there is a problem with routing.

I can change the default gateway for all of the computers at the branch office to 10.0.1.100 no problem. The problem is what to do on the Home office side. I need to be able to go from Home Office to Branch Office and Branch Office to Home office and both locations to the Internet.

I can put together a diagram if that would help. Any thoughts?

Thanks
Rick

chpalmer

Im trying to remember how this is set up between a couple of our sites.

I believe that our "remote" site is connected to the MPLS via its WAN port and that on the opposite "home" site connects to a LAN port. However this is a vendor setup and is actually routing VOIP circuits on another type of router. Everything is static.  Might be worthless information or give you ideas. Either way…    :)

rickh925

Before I inherited this setup, the MPLS link was from the telco equipment to the local switch at the remote location and to the third NIC in a custom Linux firewall solution on the Home Office side. That firewall died the day I took over (oh the joy) so I don't know how it was configured.

I am still trying to figure out the routing logic on this one and am open to almost anything at this point. I may even call Windstream and get them to change the LAN interface IPs to something like 10.0.10.0/24 to get it out of the LAN subnet on each network.

rick

chpalmer

https://forum.pfsense.org/index.php?topic=69588.msg380413#msg380413    Ive got several of these (openvpn) links working into my primary box. Works very well.  :)

Looks to me that at your home office your em1 and em2 interfaces need to be bridged.  Then into the remote side with a 10.0.0.0/24 address on a WAN port. I also believe that MPLS needs VLAN tagging but there again I could be wrong.