Netgate Discussion Forum
    OpenVPN between Main Office and 15 branch office + few road warriors

    OpenVPN
    4 Posts 2 Posters 1.0k Views
    ashima (LAYER 8):

      Hello everyone,

      I have done a lot of reading about setting up OpenVPN. I am a bit confused.
      Here's my requirement:

      All Branch Offices (15) should be able to connect to the Main Office. No communication is required between Branch Offices.
      Also there are a few road warriors who should be able to connect to the Main Office.

      My Settings:

      Main Office Local LAN : 90.0.0.0/24
      Branch Offices Local LAN : 192.168.[1-15].0/24

      Steps @ Main Office pfSense box running 2.3.2:

      Created a CA VPNServerCA
      Created a user with cert with VPNServerCA (For Road warriors)

      Used OpenVPN wizard to setup server.
      Here are the details:

      Server Mode: SSL/TLS with user auth
      Protocol: UDP
      Device Mode: tun
      Tunnel Network: 172.16.1.0/24
      Local Network: 90.0.0.0/24

      Using Client Export I have downloaded the client installer, and it is working perfectly for the Road Warriors.

      Now, to connect the Branch Offices, will the same OpenVPN Server instance work, or do I have to create a new OpenVPN instance on the server at the Main Office?

      Do I have to use

      Server Mode as Peer to Peer SSL/TLS or Peer to Peer Shared Key (I have 15 branches)
      Tunnel Network as 172.16.2.0/24
      Local LAN as 90.0.0.0/24

      Do I have to set up the remote LAN as 192.168.1.0/20? (I am confused here.)

      Do I have to do some other custom settings or client override settings?

      Please Help.

      Regards,
      Ashima


      ashima (LAYER 8):

        Hi,

        Is there any more info that I need to provide? Basically I need to know: do I need to run two instances of OpenVPN server, one for the road warriors and the other for the branches (site to site)?

        Can all the branches get connected to the same OpenVPN Server instance?

        Please help.
        Thank you,
        Ashima


        Derelict (LAYER 8, Netgate):

          I would probably use two instances for that. One for all the site-to-sites and one for the remote access.

          If asked, I will always recommend SSL/TLS for both, but especially the site-to-site so you can push settings from the central server.

          Just discussed a similar site-to-site here yesterday:

          https://forum.pfsense.org/index.php?topic=126484.msg698638#msg698638

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)


          ashima (LAYER 8):
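          The two questions the thread leaves implicit are how the site-to-site instance learns which connected branch owns which LAN, and whether the address plan (main office LAN, both tunnel networks, 15 branch LANs, and any summary entered as a "Remote Network") is actually consistent. The script below is an added example written for this thread, not code from the thread, from pfSense, or from OpenVPN. It uses the constructed address values from the first post, checks them for overlap, shows why a summary such as 192.168.1.0/20 is not a valid prefix and what the exact cover of the 15 branch LANs is, and generates the `route` lines the hub needs plus the per-client `iroute` override each branch needs (the lines pfSense produces from the server's and the Client Specific Override's "IPv4 Remote Network/s" fields). The certificate common names (`branch01` etc.) are assumed.

```python
"""Address-plan checks and per-branch override generation for a hub-and-spoke
OpenVPN layout: one remote-access instance plus one site-to-site instance.
Constructed example values; not code from the thread, pfSense or OpenVPN."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed values mirroring the thread's plan.
MAIN_OFFICE_LAN = "90.0.0.0/24"        # hub LAN pushed to every client
ROAD_WARRIOR_TUNNEL = "172.16.1.0/24"  # remote-access instance tunnel
SITE_TO_SITE_TUNNEL = "172.16.2.0/24"  # site-to-site instance tunnel
# Assumed certificate common names -> branch LANs (192.168.1.0/24 .. 192.168.15.0/24).
BRANCH_LANS: Dict[str, str] = {f"branch{n:02d}": f"192.168.{n}.0/24" for n in range(1, 16)}


def is_valid_prefix(cidr: str) -> bool:
    """True only when the host bits are all zero, i.e. the string names a
    network rather than a host inside one (192.168.1.0/20 fails this)."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False


def summarize(cidrs: List[str]) -> List[str]:
    """Smallest set of prefixes covering exactly the given networks, which is
    what belongs in a 'Remote Networks' field if one summary is wanted."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def find_overlaps(cidrs: List[str]) -> List[Tuple[str, str]]:
    """Every pair of networks that overlap; a non-empty result means routing
    between hub, tunnels and branches is ambiguous and must be fixed first."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    hits = []
    for i in range(len(nets)):
        for j in range(i + 1, len(nets)):
            if nets[i].overlaps(nets[j]):
                hits.append((str(nets[i]), str(nets[j])))
    return hits


def hub_server_lines(local_lan: str, branches: Dict[str, str]) -> List[str]:
    """Server-side directives for the site-to-site instance: push the hub LAN
    to every branch and add a kernel route per branch LAN into the tunnel."""
    hub = ipaddress.ip_network(local_lan)
    lines = [f'push "route {hub.network_address} {hub.netmask}"', "client-config-dir ccd"]
    for cidr in branches.values():
        n = ipaddress.ip_network(cidr)
        lines.append(f"route {n.network_address} {n.netmask}")
    return lines


def client_overrides(branches: Dict[str, str]) -> Dict[str, str]:
    """Per-client (ccd) file contents keyed by certificate common name. The
    'iroute' tells the OpenVPN process which connected client owns a LAN;
    without it the kernel route exists but packets never reach that branch."""
    out = {}
    for cn, cidr in branches.items():
        n = ipaddress.ip_network(cidr)
        out[cn] = f"iroute {n.network_address} {n.netmask}\n"
    return out


if __name__ == "__main__":
    plan = [MAIN_OFFICE_LAN, ROAD_WARRIOR_TUNNEL, SITE_TO_SITE_TUNNEL] + list(BRANCH_LANS.values())
    print("overlaps:", find_overlaps(plan) or "none")
    print("192.168.1.0/20 valid prefix:", is_valid_prefix("192.168.1.0/20"))
    print("exact cover of branch LANs:", summarize(list(BRANCH_LANS.values())))
    print("\n".join(hub_server_lines(MAIN_OFFICE_LAN, BRANCH_LANS)))
    for cn, body in client_overrides(BRANCH_LANS).items():
        print(f"ccd/{cn}: {body.strip()}")
```

          Note that the exact cover of 192.168.1.0/24 through 192.168.15.0/24 is four prefixes, not one; the single /20 that contains them all (192.168.0.0/20) also includes 192.168.0.0/24, which is harmless only if that range is not used anywhere else on the hub side. Each override is one `iroute` per branch because no branch-to-branch traffic is wanted; the hub never pushes the other branches' routes.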

            Thank You Derelict for responding.

            Yes, I am now running two instances of OpenVPN server, one for the road warriors and the other for connecting all the sites.

            Although it turned out to be quite simple, in case anyone wants a step-by-step guide please let me know.

            Thank you,

            Ashima

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.