Netgate Discussion Forum

    Allow connection to secondary pfsense box through site-to-site vpn from remote vpn

    • D
      DeathGrin
      last edited by DeathGrin

      Hello All,

      What I have set up:
      Site A is connected to Site B via OpenVPN
      I have a remote VPN set up for my phone/laptop/tablet/etc. on Site A
      I want to be able to access the WebUI for Site B's pfSense box while connected to Site A through Remote VPN.

      I have everything set up and am able to connect to Site A via Remote VPN and also have the Site to Site VPN set up successfully. The issue I am running into is that I see my attempts to connect to Site B's pfSense box via tcpdump, but I see the reply going back out Site B's WAN instead of back through the VPN tunnel. How do I set up the reply to go back out my site-to-site VPN tunnel to my laptop that is connected to Site A through the remote VPN?

      INFO
      Site A:
      Network - 172.20.2.0/24
      VPN tunnel to Site B - 10.0.3.0/29
      Remote VPN - 10.0.11.0/29
      Allowed rules under OpenVPN tab and WAN tab for port xxxx for remote VPN and xxxx for site-to-site VPN

      Site B:
      Network - 172.20.1.0/24
      VPN tunnel to Site A - 10.0.3.0/29
      Allowed rules under OpenVPN any/any and WAN tab for port xxxx for site-to-site VPN


      Let me know if I make no sense at all or if you need more info. Thank you in advance for help!

      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Both tunnels are OpenVPN?

        Likely site B does not have a route back to the remote access tunnel subnet at site A. You need to define 10.0.11.0/29 as a remote subnet at site B on the site-to-site tunnel.

        Steve

        • D
          DeathGrin
          last edited by

          @stephenw10 said in Allow connection to secondary pfsense box through site-to-site vpn from remote vpn:

          Both tunnels are OpenVPN?

          Likely site B does not have a route back to the remote access tunnel subnet at site A. You need to define 10.0.11.0/29 as a remote subnet at site B on the site-to-site tunnel.

          Steve

          Hi @stephenw10, where would I add that route to?

          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            It would be via the site A end of the site-to-site tunnel. If you add it as a remote network in the OpenVPN config that will be set for you.

            Steve

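
The asymmetric return path discussed in this thread, modelled as an added example that is not part of any forum post: a longest-prefix-match lookup over a constructed Site B routing table shows why replies to the remote-access subnet leave via WAN until 10.0.11.0/29 is routed over the site-to-site tunnel. The interface labels, the client address 10.0.11.2 and the presence of a Site A LAN route are assumptions.

```python
import ipaddress

# Constructed model of Site B's routing table: (prefix, egress interface).
# Interface labels are hypothetical. The Site A LAN route is assumed present
# because the thread says the site-to-site tunnel already works.
SITE_B_BEFORE = [
    ("0.0.0.0/0", "wan"),           # default route
    ("172.20.1.0/24", "lan"),       # Site B network
    ("10.0.3.0/29", "ovpn_s2s"),    # site-to-site tunnel network
    ("172.20.2.0/24", "ovpn_s2s"),  # Site A network (assumed remote network)
]
# The fix from the thread: 10.0.11.0/29 reachable via the site-to-site tunnel.
SITE_B_AFTER = SITE_B_BEFORE + [("10.0.11.0/29", "ovpn_s2s")]


def egress(table, dst):
    """Longest-prefix match: interface used to send a packet to dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def asymmetric_sources(table, sources, tunnel_if):
    """Subnets whose traffic arrives via the tunnel but whose replies leave elsewhere."""
    bad = []
    for src in sources:
        net = ipaddress.ip_network(src)
        # Check the first and last address so a partially covering route is caught.
        paths = {egress(table, str(net[0])), egress(table, str(net[-1]))}
        if paths != {tunnel_if}:
            bad.append(src)
    return bad


if __name__ == "__main__":
    client = "10.0.11.2"  # constructed remote-access client address
    arriving = ["172.20.2.0/24", "10.0.11.0/29"]  # sources entering via the tunnel
    for name, table in (("before", SITE_B_BEFORE), ("after", SITE_B_AFTER)):
        print(name, "reply to", client, "->", egress(table, client),
              "| asymmetric:", asymmetric_sources(table, arriving, "ovpn_s2s"))
```
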