Trying to Understand how can I access the main netowrks from a downstream networks

johnpoz

Can you draw this up please, then I would be happy to help.

This vpn is a site to site?

xlameee

I have an idea, but I am not sure that this is the best way to go!!!!

What if I create an other VLAN let say VLAN141 and then BRIDGE that VLAN to "STORAGE (OPT2 int) (VLAN 70)" on my main pfsense box and then from vmware (Where windows server is installed) I add an 2nd interface on VLAN141 port group and add a static IP without gateway so it won't confuse Bill Gates :)

Would this solve my problem

johnpoz

No bridging is not the answer!

Draw this up - I have read over your post a few times and just not clicking how you have this stuff connected.. Where is this main box - some other site?

xlameee

@johnpoz No the mainbox is on the same site with the down stream and Yes it is a site-to-site VPN

johnpoz

So breakout some crayons or whatever and put it on paper ;) So we can see what networks are where.. If its same site - why are you connected via a vpn?

you have a downstream network at site A, and then this other site B that is connect to A via vpn can not get to the downstream networks at site A?

If you have downstream at A, where is the routing and transit network shown?

You have this?

What can not talk to what? Adjust to how you have it setup if need be, and put in your networks, etc. But a downstream network needs to be connected via a transit or you will run into asymmetrical routing issues. Or you have to do host routing, or you have to nat the downstream, etc.

xlameee

I did my best

OFFICE SITE 1 is the VPN site-to-site server all other are clients each of the clients have to go to the server first before go anywhere else

johnpoz

Ok that is a start.. Where are the networks.. You call it a downstream switch.. So its doing routing? If so how is it connected. Where is the transit? What are the networks your VMs are connected to?

Is that core switch also a L3 doing routing?

Why are you doing a site to site vpn for that pfsense located at site 1?

And then you have another pfsense VM that is also connected via vpn - and it has a network(s) behind it? That windows server for example?

xlameee

@johnpoz sorry those 2 switches are not connected

None of the switches are routing they are L3 switches but not routing. PFSENSE is the router DNS DHCP and so on

johnpoz

Huh? They sure look like there connected to the esxi host to me ;) So your pfsense vm is the one doing the routing.. Again why is it on a vpn if its located in site 1?

What is the point of the main box pfsense? If there is nothing behind it you need to get to?

xlameee

@johnpoz there is a lots of stuff behind the main box one of them is freenas all I need to do is this windows server 2016 to have access to and freenas smb shred storage without going trough the VPN server to office site 1 and back

ANY IDEA