Netgate Discussion Forum
    Route VPN traffic through middle man (Site-Site-Site VPN)

    IPsec
    2 Posts 2 Posters 952 Views

    Tubal

      Hello all.  I'm trying to set up a VPN tunnel through a middleman and I'm wondering if it's possible.  Here is my setup:

      Site 1: 192.168.237.0/24

      Site 2: 10.5.0.0/24 (has an existing IPsec tunnel to Site 1)
      Site 3: 10.5.1.0/24 (has an existing IPsec tunnel to Site 2)

      I'd rather not create a tunnel from Site 3 to Site 1 (I get charged a monthly fee per P1 tunnel to Site 1).

      Is it possible for me to tunnel from Site 3 through Site 2, and access the 192.168.237.0 network from Site 1 without creating a tunnel between Site 1 and Site 3?

      My situation is that Site 1 is a service provider, and Site 2 and 3 are my sites.  Site 1 has opened a P2 for the 10.5.1.0/24 network on the P1 tunnel between Site 1 and Site 2.

      If I create a P2 between 10.5.1.0/24 and 192.168.237.0/24 on the Site 2-Site 3 tunnel, theoretically that would route the 192.168.237.0/24 traffic to Site 2.

      Then if I created a P2 between 10.5.1.0/24 and 192.168.237.0/24 on the Site 1-Site 2 tunnel, that should take the Site 3 traffic to Site 1.

      Am I thinking incorrectly?  This isn't working.

      Thanks for any help.

      (attachment: 1.png)


        nsi-fusion
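      The layout described in the post, as an added example that is not part of the original thread: a small model of the three gateways as policy-based IPsec endpoints, each with a list of Phase 2 traffic selectors, and a hop-by-hop check that a packet from the Site 3 LAN to the Site 1 LAN (and its reply) is selected by a P2 at every gateway it crosses. The site names and subnets are from the post; the P2 tables are my reading of the proposed layout (the hub at Site 2 carrying a P2 with 10.5.1.0/24 as its local side toward Site 1 and one with 192.168.237.0/24 as its local side toward Site 3), not exported pfSense configuration, and the `hub_transit` switch exists only to show what fails when those two hub P2s are missing.

```python
"""Hub-and-spoke IPsec traffic-selector walk-through (added example).

Models the thread's three pfSense sites as policy-based IPsec gateways.
Site names and subnets come from the post; the P2 tables are an
assumed reading of the proposed layout, not real pfSense config.
"""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network


@dataclass(frozen=True)
class Phase2:
    local: IPv4Network   # local traffic selector of this P2
    remote: IPv4Network  # remote traffic selector of this P2
    peer: str            # gateway at the other end of the P1 this P2 rides


@dataclass
class Gateway:
    name: str
    lans: list[IPv4Network]  # networks directly attached to this site
    p2s: list[Phase2]

    def is_local(self, dst) -> bool:
        return any(dst in lan for lan in self.lans)

    def outbound_peer(self, src, dst):
        """Peer whose P2 selects src->dst for encryption, or None."""
        for p2 in self.p2s:
            if src in p2.local and dst in p2.remote:
                return p2.peer
        return None

    def accepts_inbound(self, peer, src, dst) -> bool:
        """Decapsulated src->dst from `peer` must match a P2 on that P1."""
        return any(p2.peer == peer and dst in p2.local and src in p2.remote
                   for p2 in self.p2s)


def check_path(gateways, start, src, dst, max_hops=5):
    """Walk src->dst from `start`, one gateway per hop.

    Returns {"delivered": bool, "path": [gateway names], "reason": str}.
    """
    src, dst = ip_address(src), ip_address(dst)
    here, path = gateways[start], [start]
    for _ in range(max_hops):
        if here.is_local(dst):
            return {"delivered": True, "path": path, "reason": "attached LAN"}
        nxt = here.outbound_peer(src, dst)
        if nxt is None:
            return {"delivered": False, "path": path,
                    "reason": f"{here.name}: no outbound P2 selects {src}->{dst}"}
        if not gateways[nxt].accepts_inbound(here.name, src, dst):
            return {"delivered": False, "path": path + [nxt],
                    "reason": f"{nxt}: no P2 from {here.name} selects {src}->{dst}"}
        here, path = gateways[nxt], path + [nxt]
    return {"delivered": False, "path": path, "reason": "hop limit exceeded"}


def build_topology(hub_transit=True):
    """Assumed P2 layout from the post. hub_transit=False drops the two
    hub-side P2s that carry Site 3 <-> Site 1 traffic through Site 2."""
    n = ip_network
    site1 = n("192.168.237.0/24"); site2 = n("10.5.0.0/24"); site3 = n("10.5.1.0/24")
    hub_p2s = [Phase2(site2, site1, "site1"),   # Site 2 LAN <-> Site 1 LAN
               Phase2(site2, site3, "site3")]   # Site 2 LAN <-> Site 3 LAN
    if hub_transit:
        hub_p2s += [Phase2(site3, site1, "site1"),  # transit: Site 3 LAN toward Site 1
                    Phase2(site1, site3, "site3")]  # transit: Site 1 LAN toward Site 3
    return {
        # Site 1 (provider) opened a P2 for 10.5.1.0/24 on the Site 1-Site 2 P1.
        "site1": Gateway("site1", [site1], [Phase2(site1, site2, "site2"),
                                            Phase2(site1, site3, "site2")]),
        "site2": Gateway("site2", [site2], hub_p2s),
        "site3": Gateway("site3", [site3], [Phase2(site3, site2, "site2"),
                                            Phase2(site3, site1, "site2")]),
    }


if __name__ == "__main__":
    for transit in (True, False):
        gws = build_topology(hub_transit=transit)
        print(f"hub transit P2s present: {transit}")
        print("  fwd:", check_path(gws, "site3", "10.5.1.10", "192.168.237.10"))
        print("  rev:", check_path(gws, "site1", "192.168.237.10", "10.5.1.10"))
```

      With both hub-side transit P2s present the forward and return paths each traverse site3, site2, site1; without them the walk stops at Site 2 because nothing on the Site 2-Site 3 P1 selects 192.168.237.0/24. Two pfSense-specific points the model does not capture: the hub's transit P2s name a network as "local" that is not attached to Site 2, which is exactly what makes them work, and the decrypted transit traffic at Site 2 still has to be permitted by the firewall rules on the IPsec interface tab before it can be re-encrypted toward the next hop.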

        It is possible and should work just fine. I did not test this setup myself on pfSense; however, I use Fortigate in the corporate environment. It is a very popular setup where remote sites are connected to a central VPN concentrator, and that VPN concentrator is responsible for routing between sites. Remote endpoints do not have any additional VPN connections to each other…

        Worth trying. Please share your findings after you implement this.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.