Communication Between Clients of Multiple OpenVPN Sites
-
Hi,
I have two totally separate sites with pfSense OpenVPN services running.
Site A:
Has an OpenVPN server in Remote Access (SSL/TLS+User Auth) mode
Clients connect to this OpenVPN server using a public IP and everything is working fine.
Tunnel Network: 172.27.224.0/24
LAN Network: 10.10.12.0/24
Site B:
Has an OpenVPN server in Remote Access (SSL/TLS+User Auth) mode
Clients connect to this OpenVPN server using a public IP and everything is working fine.
Tunnel Network: 172.27.225.0/24
LAN Network: 10.10.13.0/24
Goal/Requirement:
I need to establish communication between the OpenVPN clients of Site A and Site B, as currently the OpenVPN clients of a site are able to communicate with clients of their respective site only.
Do I need to set up a third pfSense and set up peer-to-peer OpenVPN connectivity with the current sites (server-client mode) and route the LAN and OpenVPN tunnel subnets of the current sites?
Any recommendations on designing the solution, keeping in mind that the number of sites may increase from 2 to more in the future?
Thank you.
-
Add 10.10.13.0/24 as a Local Network in the OpenVPN server configuration at Site A.
Make sure the OpenVPN firewall rules at Site B pass the traffic from that source network.
-
@derelict
Hi,
Agreed, but before this, how can I set up connectivity between these sites located at different geographical locations? I need to set up connectivity between both sites first; then I will add the LAN subnets in the OpenVPN configurations and modify the firewall as you suggested.
Note: Both sites have a public IP. Do I need to set up peer-to-peer OpenVPN connectivity between the OpenVPN sites first?
-
Yes.
-
Your tunnel networks need to be in the same subnet; 172.27.224.0/30 would work for both of them.
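-
Added example, not part of any post in this thread: a planning check over the remote-access networks listed in the first post. For each site it lists the networks behind the other sites (the candidates for Local Network entries and firewall rule sources discussed above) and flags overlapping ranges as more sites are added. The dict layout, function names and the third site are assumptions made for this example; addressing of the site-to-site tunnel itself is not covered.

```python
import ipaddress
from itertools import combinations

# Networks from the first post. The dict layout and function names are
# hypothetical, chosen for this example only.
SITES = {
    "A": {"tunnel": "172.27.224.0/24", "lan": "10.10.12.0/24"},
    "B": {"tunnel": "172.27.225.0/24", "lan": "10.10.13.0/24"},
}

def _parse(sites):
    return {s: {k: ipaddress.ip_network(v) for k, v in nets.items()}
            for s, nets in sites.items()}

def overlaps(sites):
    """Pairs of listed networks that overlap and so cannot be routed apart."""
    flat = [(f"{s}/{k}", n) for s, nets in _parse(sites).items()
            for k, n in nets.items()]
    return [(a, b) for (a, na), (b, nb) in combinations(flat, 2)
            if na.overlaps(nb)]

def remote_networks(sites, site, include_lan=True):
    """Networks behind every other site, as seen from `site`.

    These are the candidates for Local Network entries on `site`'s server
    and the ranges the OpenVPN firewall rules have to account for.
    include_lan=False limits the list to client tunnel networks only.
    """
    nets = []
    for other, d in _parse(sites).items():
        if other == site:
            continue
        nets.append(d["tunnel"])
        if include_lan:
            nets.append(d["lan"])
    return [str(n) for n in sorted(nets)]

if __name__ == "__main__":
    for pair in overlaps(SITES):
        print("overlap:", pair)
    for name in SITES:
        print(name, "->", remote_networks(SITES, name))
    # Constructed third site whose LAN collides with Site A's LAN.
    grown = dict(SITES, C={"tunnel": "172.27.226.0/24", "lan": "10.10.12.128/25"})
    print("with C:", overlaps(grown))
```

Passing include_lan=False keeps the list to the client tunnel networks, which is the narrower set if only client-to-client traffic is wanted.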