Netgate Discussion Forum

    OpenVPN - Site-to-Site - Clients Connectivity

    • fgmoyses

      Hi,

      I have OpenVPN configured between three sites:

      CONFIG DETAILS

      Main Office - Server
      10.1.0.0/24

      Branch 01 - Client
      192.168.1.0/24

      Branch 02 - Client
      192.168.0.0/24

      SCENARIO

      The branch offices can connect to, ping and access resources on the Main Office (and vice versa).

      But I need the branch offices to be able to connect to, ping and access resources on each other as well (Branch 01 and Branch 02).
      What configuration do I need to do?

      Thanks

      Frederico.

      • divsys

        You didn't mention which pfSense version you're using in all this?

        If this is the same configuration as your previous thread (https://forum.pfsense.org/index.php?topic=93729.msg520236#msg520236), then the simplest solution IMHO is to change your setup slightly so that the HO has only 1 OpenVPN server that handles both BrO1 and BrO2.

        You tell the OpenVPN server about all the remote networks in a comma-separated list entered in "IPv4 Local Network/s" (192.168.1.0/24, 192.168.0.0/24 in your case).
        You use the Client Specific Configurations on the server to specify which remote network gets routed to which client (this has to be currently working or your dual server setup wouldn't be working now).

        The BrO1 and BrO2 clients both connect to the same HO OpenVPN server and the CSC settings make sure things are routed where they need to go.  The server hands out all external routes to both clients so they understand how to get to each other's networks (through the server).

        The only other way is to set up, say, BrO1 as its own additional OpenVPN server and add a client from BrO2 to BrO1.

        -jfp

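The single-server layout described in the reply above, written out as raw OpenVPN directives (the pfSense GUI fields are not shown). This is an added example, not part of the original thread; the tunnel network 10.8.0.0/24, the `ccd` directory and the per-client file names `branch01`/`branch02` are assumptions, while the LAN subnets are the ones given in the question.

```conf
# ---- Head office: server.conf (routing-related directives only) ----
dev tun
topology subnet
server 10.8.0.0 255.255.255.0            # assumed tunnel network
client-config-dir ccd                    # assumed directory for per-client files

# Kernel routes on the server: send both branch LANs into the tunnel.
route 192.168.1.0 255.255.255.0
route 192.168.0.0 255.255.255.0

# Routes handed to the clients: head office LAN plus both branch LANs,
# so each branch learns the other's network via the server.
push "route 10.1.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"

# client-to-client is deliberately not set: branch-to-branch packets then
# leave OpenVPN on the server's tun interface and are routed back in by the
# host, so the firewall rules on that interface still decide what Branch 01
# and Branch 02 may reach on each other's LAN.

# ---- ccd/branch01 (file name = assumed certificate CN of Branch 01) ----
iroute 192.168.1.0 255.255.255.0

# ---- ccd/branch02 (file name = assumed certificate CN of Branch 02) ----
iroute 192.168.0.0 255.255.255.0
```

With this layout the head office firewall is the single point where traffic between 192.168.1.0/24 and 192.168.0.0/24 can be restricted to the services the branches actually need.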