Netgate Discussion Forum

    Route openvpn clients through site-to-site vpn

    • streetsfinest

      Hello guys,

      I have a little question about routing and OpenVPN.
      First, a little graphic for better understanding:

      I have successfully configured a site-to-site OpenVPN as shown in the graphic. From pfsense01 I can reach the network of pfsense02.
      From pfsense02 I can reach the network of pfsense01. That works fine!
      From my OpenVPN clients with the IP range of 192.168.20.0/28 I can reach the network of pfsense01. Now I want to reach the network of pfsense02.
      Which settings do I have to make?

      Thanks in advance :)

      • Derelict LAYER 8 Netgate

        You didn't specify which node is the server for the site-to-site.

        Bottom line is you need to push the route 192.168.100.0/26 to mobile clients and push the route 192.168.20.0/28 to pfSense02.

        If pfSense01 is the server for the site to site then add 192.168.20.0/28 to the list of local networks on the site-to-site server and 192.168.100.0/26 to the list of local networks on the mobile server.  Pretty sure that's all you'll need.

        That and make sure your OpenVPN firewall rules on pfSense01 and pfSense02 pass the appropriate traffic.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
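
Added example, not part of the original posts: a small Python model of the two route pushes described in the answer above, showing that the mobile clients need a route to 192.168.100.0/26 and pfSense02 needs the return route to 192.168.20.0/28. It assumes both OpenVPN servers on pfSense01 run in a mode where the local-networks list is rendered as `push "route ..."` directives; the host addresses and function names are constructed for illustration.

```python
import ipaddress

# Subnets taken from the thread; the role names are labels for this sketch only.
MOBILE_TUNNEL = ipaddress.ip_network("192.168.20.0/28")  # remote-access clients
SITE2_LAN = ipaddress.ip_network("192.168.100.0/26")     # network behind pfSense02


def push_route(net):
    """Render the OpenVPN server directive that advertises `net` to its peers."""
    return f'push "route {net.network_address} {net.netmask}"'


def has_route(table, dst):
    """True if any prefix in the routing table covers the destination address."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in table)


def path_ok(client_routes, site2_routes, client_ip, server_ip):
    """Traffic flows only if the client has a route to the far LAN (forward path)
    and pfSense02 has a route back to the mobile tunnel subnet (return path)."""
    return has_route(client_routes, server_ip) and has_route(site2_routes, client_ip)


def plan():
    """Directive each OpenVPN server on pfSense01 needs, keyed by server role."""
    return {
        "mobile": push_route(SITE2_LAN),
        "site-to-site": push_route(MOBILE_TUNNEL),
    }


if __name__ == "__main__":
    client, host = "192.168.20.2", "192.168.100.10"  # constructed sample hosts
    for role, directive in plan().items():
        print(f"{role:>12} server: {directive}")
    # Only the mobile push applied: packets arrive at pfSense02, replies are lost.
    print("forward only :", path_ok([SITE2_LAN], [SITE2_LAN], client, host))
    # Both pushes applied: forward and return paths exist.
    print("both pushes  :", path_ok([SITE2_LAN], [SITE2_LAN, MOBILE_TUNNEL], client, host))
```

The firewall rules on the OpenVPN interfaces still decide what is actually passed once both routes exist.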

          • streetsfinest

          First, thank you for the fast reply!
          You are right, pfsense01 is the server for the site-to-site and also the OpenVPN server.
          I will try that and give feedback!

            • streetsfinest

            Short feedback:

            It works perfectly, thank you very much!

              • Mat1987

              Sorry if sounding stupid. Same sort of issue I have.

              How do I push the routes?

                • Derelict LAYER 8 Netgate

                If pfSense01 is the server for the site to site then add 192.168.20.0/28 to the list of local networks on the site-to-site server and 192.168.100.0/26 to the list of local networks on the mobile server.  Pretty sure that's all you'll need.

                You'll have to customize it for your own IP scheme or start a thread with your specifics.

                  • Mat1987

                  I have posted a thread but no answers as of yet. Just saw this and thought maybe this is the issue I'm having.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.