Multi branch office setup and routing
-
Hello,
I'm just setting up a network infrastructure using pfSense as gateway/vpn-endpoint.
I have several branch offices, each with its own subnet:
Office A - 192.168.0.0/24
Office B - 192.168.1.0/24
Office C - 192.168.2.0/24
All of them are linked using an IKEv2 tunnel each to an instance of pfSense in a datacenter with a "virtual" LAN there - 192.168.100.0/24. This works great, the offices can access resources in the datacenter LAN and vice versa (having adjusted the firewall settings correctly, of course).
Now I would like to have the opportunity to access resources in Office B from inside Office A using the established VPN connections. Therefore I would need to route traffic to 192.68.1.0/24 via the IPsec tunnel (and not to the standard gateway). I've read in the forum that this is not possible via "routing settings" but you are advised to add another phase 2 to the existing tunnel(s).
I tried this but couldn't figure out how to do it correctly. Could someone please give me a hint, which additional phase 2 settings are required at office a, office b and the datacentre?
Thanks in advance!
Andreas
-
+1
-
Why not just add a new VPN directly between the offices? Are you trying to route them all thru the primary VPN?
-
Just to answer my own question: I abandoned the plan to do this via IPsec. I now used OpenVPN and it works: define site-to-site connections to your offices and a roadwarrior setup for your mobile devices.