Route VPN traffic through middle man (Site-Site-Site VPN)

  • Hello all.  I'm trying to set up a VPN tunnel through a middleman and I'm wondering if it's possible.  Here is my setup:

    Site 1:

    Site 2: (has an existing IPSec tunnel to Site 1)
    Site 3: (has an existing IPSec tunnel to Site 2)

    I'd rather not create a tunnel from Site 3 to Site 1 (I get charged a monthly fee per P1 tunnel to Site 1)

    Is it possible for me to tunnel from Site 3 through Site 2, and access the network from Site 1 without creating a tunnel between Site 1 and Site 3?

    My situation is that Site 1 is a service provider, and Site 2 and 3 are my sites.  Site 1 has opened a P2 for the network on the P1 tunnel between Site 1 and Site 2.

    If I create a P2 between and on the Site 2-Site 3 tunnel, theoretically that would route the traffic to Site 2.

    Then if I created a P2 between and on the Site 1-Site 2 tunnel, that should take the Site 3 traffic to Site 1.

    Am I thinking incorrectly?  This isn't working.

    Thanks for any help.

  • It is possible and should work just fine. I did not test this setup myself on pfSense; however, I use Fortigate in the corporate environment. It is a very popular setup where remote sites are connected to a central VPN CONCENTRATOR and that VPN concentrator is responsible for routing between sites. Remote endpoints do not have any additional VPN connections to each other…

    Worth trying. Please share your findings after you implement this.
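The hub-and-spoke design asked about in the question and endorsed in the reply comes down to phase 2 traffic selectors: every gateway on the path needs a child SA whose selector pair covers the Site 3 LAN to Site 1 LAN traffic, in both directions, and a child SA only comes up when the peer proposes the mirror image of that selector pair. The following is an added example, not code from the thread or from pfSense: a small Python model of selector negotiation and policy lookup along Site 3 -> Site 2 -> Site 1. The subnets are hypothetical (the post does not give them), the model assumes IKEv1-style exact selector matching (IKEv2 can narrow), and it ignores firewall rules on the IPsec interface, which also have to permit the spoke-to-spoke traffic on the hub.

```python
"""
Added example (not from the forum thread or pfSense): model of IPsec phase 2
negotiation and policy lookup for a spoke -> hub -> provider path.
Assumptions: hypothetical subnets; exact-match selectors (IKEv1 style);
firewall rules on the hub are not modelled.
"""
from ipaddress import ip_network

# Hypothetical LAN subnets (assumed; the original post elides them)
LANS = {
    "site1": ip_network("10.1.0.0/24"),   # service provider
    "site2": ip_network("10.2.0.0/24"),   # hub (our site)
    "site3": ip_network("10.3.0.0/24"),   # spoke (our site)
}


def build_sas(tunnels):
    """
    tunnels: {(a, b): (p2_on_a, p2_on_b)}; each p2 list holds
    (local_subnet, remote_subnet) strings as configured on that end.
    Returns {gateway: [(peer, local_net, remote_net), ...]} for the child
    SAs that actually come up: an entry on A needs its mirror image on B.
    """
    sas = {site: [] for site in LANS}
    for (a, b), (p2_a, p2_b) in tunnels.items():
        mirrored_b = {(remote, local) for (local, remote) in p2_b}
        for local, remote in p2_a:
            if (local, remote) in mirrored_b:
                sas[a].append((b, ip_network(local), ip_network(remote)))
                sas[b].append((a, ip_network(remote), ip_network(local)))
    return sas


def next_hop(sas, gw, src, dst):
    """Policy lookup on one gateway: which peer's SA covers src -> dst, or None."""
    for peer, local, remote in sas[gw]:
        if src in local and dst in remote:
            return peer
    return None


def trace(sas, src_site, dst_site, max_hops=5):
    """Follow a packet gateway by gateway; returns the hop list, or None on a black hole."""
    src = LANS[src_site][10]   # an arbitrary host in the source LAN
    dst = LANS[dst_site][10]
    gw, path = src_site, [src_site]
    for _ in range(max_hops):
        if dst in LANS[gw]:
            return path
        gw = next_hop(sas, gw, src, dst)
        if gw is None:
            return None
        path.append(gw)
    return None


def reachable(sas, a, b):
    """Two-way check: the reply path needs matching policies as well."""
    return trace(sas, a, b) is not None and trace(sas, b, a) is not None


S1, S2, S3 = "10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"

# Scenario A (constructed): the extra selector is added on both ends of the
# Site 2/Site 3 tunnel and on Site 2's end of the Site 1/Site 2 tunnel, but
# the provider at Site 1 still only has its original Site 2 selector.
TUNNELS_PROVIDER_UNCHANGED = {
    ("site3", "site2"): ([(S3, S2), (S3, S1)], [(S2, S3), (S1, S3)]),
    ("site2", "site1"): ([(S2, S1), (S3, S1)], [(S1, S2)]),
}

# Scenario B (constructed): the provider mirrors the new selector too.
TUNNELS_PROVIDER_MIRRORED = {
    ("site3", "site2"): ([(S3, S2), (S3, S1)], [(S2, S3), (S1, S3)]),
    ("site2", "site1"): ([(S2, S1), (S3, S1)], [(S1, S2), (S1, S3)]),
}

if __name__ == "__main__":
    for name, tunnels in (("provider unchanged", TUNNELS_PROVIDER_UNCHANGED),
                          ("provider mirrored", TUNNELS_PROVIDER_MIRRORED)):
        sas = build_sas(tunnels)
        print(name, "site3->site1:", trace(sas, "site3", "site1"),
              "two-way:", reachable(sas, "site3", "site1"))
```

In scenario A the packet leaves Site 3 fine (that selector was mirrored by Site 2) but black-holes on the hub, because Site 2's `Site 3 LAN -> Site 1 LAN` phase 2 never negotiated without the provider's matching entry; that is the symptom of "I created the P2s and it isn't working". Scenario B, where the provider adds `remote = Site 3 LAN` on its side, traces in both directions.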