Multiple VPNs talking to each other
-
Sorry, I've searched a bit, and I'm still not sure what to do. I'm not quite understanding the iroute vs route / push route and where the options need to go (server side, client side?).
Scenario.
Main office A 10.1.1.0/24
Remote office B 10.1.2.0/24
Remote office C 10.1.3.0/24
I have 3 instances of OpenVPN servers running at Main Office A:
Site to Site for B
Site to Site for C
Remote Access for Road Warriors
All 3 are working:
A & B can talk to each other.
A & C can talk to each other.
Road warriors can talk to A
What I would like is:
1.) for B&C to be able to talk to each other.
2.) for the road warriors to be able to also talk to B&C while connected to A.
What's the best way to tackle this?
-
In pfSense you can configure this on the GUI. There is no need to enter a route or iroute command.
In the client config of site B the "IPv4 Remote network/s" box should look like this:
10.1.1.0/24,10.1.3.0/24,<Access server tunnel network>
on site C:
10.1.1.0/24,10.1.2.0/24,<Access server tunnel network>
Replace <Access server tunnel network> with your road warriors' tunnel network.
And in the Access server modify the "IPv4 Local network/s":
10.1.1.0/24,10.1.2.0/24,10.1.3.0/24
Ensure that you have firewall rules in place on all nodes that permit the access you need.
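The routing tables described in the reply above, checked for reachability in both directions, as an added example that is not part of the original post. The tunnel network `10.8.0.0/24`, the assumed starting tables and all function names are constructed for illustration; only route entries are modelled, not firewall rules or interface assignments.

```python
from ipaddress import ip_network as net

# Constructed placeholder: the thread does not give the road-warrior tunnel network.
RW_TUNNEL = "10.8.0.0/24"
# Networks behind each node; A is the hub that runs all three OpenVPN servers.
NETS = {"A": net("10.1.1.0/24"), "B": net("10.1.2.0/24"),
        "C": net("10.1.3.0/24"), "RW": net(RW_TUNNEL)}

def table(b_remote, c_remote, rw_pushed):
    """Per-spoke list of networks routed into the tunnel towards A."""
    raw = {"B": b_remote, "C": c_remote, "RW": rw_pushed}
    return {spoke: [net(n) for n in nets] for spoke, nets in raw.items()}

def has_route(tbl, spoke, dst):
    # Assumption: hub A reaches every spoke through its own server instances.
    if spoke == "A":
        return True
    return any(NETS[dst].subnet_of(r) for r in tbl[spoke])

def can_talk(tbl, x, y):
    """Traffic needs a route on both ends: x towards y and y back to x."""
    return has_route(tbl, x, y) and has_route(tbl, y, x)

def missing_routes(tbl):
    """(spoke, destination) pairs for which the spoke has no tunnel route."""
    return [(s, d) for s in tbl for d in NETS
            if d != s and not has_route(tbl, s, d)]

# Assumed starting point: every spoke only has a route to main office A.
before = table(["10.1.1.0/24"], ["10.1.1.0/24"], ["10.1.1.0/24"])
# Values from the reply above, with the placeholder tunnel network filled in.
after = table(["10.1.1.0/24", "10.1.3.0/24", RW_TUNNEL],
              ["10.1.1.0/24", "10.1.2.0/24", RW_TUNNEL],
              ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"])
# Only site B updated: C still has no return route to B.
half = table(["10.1.1.0/24", "10.1.3.0/24", RW_TUNNEL],
             ["10.1.1.0/24"], ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"])

if __name__ == "__main__":
    for name, tbl in (("before", before), ("half", half), ("after", after)):
        print(name, "B<->C:", can_talk(tbl, "B", "C"), "gaps:", missing_routes(tbl))
```

The `half` case shows why a change on one site alone is not enough: B sends packets for 10.1.3.0/24 into the tunnel, but C has no route back to 10.1.2.0/24.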
-
@dlogan said in Multiple VPNs talking to each other:
10.1.3.0/24
Thanks for the response. It works like a charm for the remote access VPN, but I'm still not able to get B & C talking to each other through A. Do I need to change the server settings at site A to allow this?
At all 3 sites I have allowed all traffic in the firewall rules for OpenVPN.
-
Have you already added interfaces to the OpenVPN instances on A?
-
I did not create interfaces for them. Should I?
-
In some scenarios that's necessary to handle the routing with multiple VPNs.
Just assign an interface to the VPN instance and enable it.
Otherwise check the routes on site B and C and use traceroute to find out where the packets go.