-
Hello
PFsense Version - 2.4.5-RELEASE-p1 (amd64)
We have various PFsense installs, providing a very good and reliable, Site to Site solution.
We also use the equally good and reliable, Greenbow VPN Client to provide remote access to one of the Sites.
I am looking for suggestions as to how I can reconfigure the Site A PFSense to allow a remote VPN client to access other sites (Site B) over the site to site VPN connections
See attached / Below
Existing Config:-
Required Config:-
The Remote VPN to have access to Site B while connected to Site A
Suggestions appreciated
Thank you
-
@stephen21
In the remote VPN settings on A add the site B networks to the "Local Networks". At B add the remote access tunnel network to the "Remote Networks".
Care that the access is allowed in firewall rules.
-
@viragomann said in VPN Client - Connect to Site to Site VPN:
@stephen21
In the remote VPN settings on A add the site B networks to the "Local Networks". At B add the remote access tunnel network to the "Remote Networks".
Care that the access is allowed in firewall rules.
Hi
Thanks for your suggestion, but these settings are already made otherwise site to site access would not be possible. My problem is to allow the Remote Client to have access to both Site A and Site B, while only connected to Site A
Thank you
-
Your Network IP concept is not good, you can not route straight Site A - Site B.
Use a second P2 with 192.168.150.x or change the IP for mobile Clients to 192.168.(2/3/4).x and use 192.168.0.0/22 to route in P2.
-
I think the firewall is the problem. Show us what rules you have set on the IPSec interface in location A and B. Note that the source is 192.168.150.x.
What masks do the IP address pools have?
-
@stephen21 said in VPN Client - Connect to Site to Site VPN:
@viragomann said in VPN Client - Connect to Site to Site VPN:
@stephen21
In the remote VPN settings on A add the site B networks to the "Local Networks". At B add the remote access tunnel network to the "Remote Networks".
Care that the access is allowed in firewall rules.
Hi
Thanks for your suggestion, but these settings are already made otherwise site to site access would not be possible. My problem is to allow the Remote Client to have access to both Site A and Site B, while only connected to Site A
Thank you
Your Site A <--> Site B VPN would work fine without Site B knowing about the "Dial-in" VPN Lan.
But Site B , would not know how to route packets back to the "Dial-in" VPN clients (via Site A) , unless you have done as @viragomann says.
/Bingo
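Added example, not part of any post in this thread: a small Python check of the three phase 2 (P2) selector sets that the replies above say must cover mobile-client traffic to Site B and the return path. The Site A and Site B LAN subnets and the /24 mask on the 192.168.150.x pool are assumptions (the thread's diagrams are not available), and the function names are hypothetical.

```python
from ipaddress import ip_network

# Constructed sample addressing (assumptions; only 192.168.150.x appears in the thread)
SITE_A, SITE_B, POOL = "192.168.1.0/24", "192.168.2.0/24", "192.168.150.0/24"

def covered(p2_list, local, remote):
    """True if one P2 entry (local_net, remote_net) contains both networks."""
    lo, re = ip_network(local), ip_network(remote)
    return any(lo.subnet_of(ip_network(l)) and re.subnet_of(ip_network(r))
               for l, r in p2_list)

def check_path(mobile_p2_at_a, s2s_p2_at_a, s2s_p2_at_b, pool=POOL, site_b=SITE_B):
    """List the selectors missing for pool <-> Site B traffic relayed via Site A."""
    problems = []
    # Mobile tunnel on A: Site B must be offered to clients as a local network.
    if not covered(mobile_p2_at_a, site_b, pool):
        problems.append("A mobile tunnel: Site B not in Local Networks")
    # Site-to-site on A: the pool must be a local network towards Site B.
    if not covered(s2s_p2_at_a, pool, site_b):
        problems.append("A site-to-site: no P2 with pool local, Site B remote")
    # Site-to-site on B: the pool must be a remote network, or replies are not tunnelled.
    if not covered(s2s_p2_at_b, site_b, pool):
        problems.append("B site-to-site: pool not in Remote Networks")
    return problems

# Each entry is (local network, remote network) as seen from that gateway.
BEFORE = dict(
    mobile_p2_at_a=[(SITE_A, POOL)],
    s2s_p2_at_a=[(SITE_A, SITE_B)],
    s2s_p2_at_b=[(SITE_B, SITE_A)],
)
AFTER = dict(
    mobile_p2_at_a=[(SITE_A, POOL), (SITE_B, POOL)],
    s2s_p2_at_a=[(SITE_A, SITE_B), (POOL, SITE_B)],   # the "second P2"
    s2s_p2_at_b=[(SITE_B, SITE_A), (SITE_B, POOL)],
)

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, check_path(**cfg) or "all selectors present")
```

The check covers selectors only; firewall rules on the IPsec interface at both sites still have to pass traffic sourced from the pool, as noted in the replies.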