Openvpn Site to Site + Roadwarrior
My current setup is the following:
Site to site OpenVPN managed by PFSense
Lan subnet: 192.168.0.0/24
Lan subnet: 192.168.4.0/24
Connected via a tunnel 10.0.8.0
I have a pool of addresses 192.168.2.0 that are used by mobile remote users that connects via SITE1 openVpn server (of course a second one, on the same pfsense box)
When a remote user connects can see all the machines on the SITE 1 subnet, but cannot access to SITE2 IPs.
In a similar setup, but with IPSEC for the site to site part, I simply set up a second phase 2 with remote pool as local subnet on SITE1 and as remote subnet on SITE2.
How to make both subnets accessible at the remote user?
Thank you in advance
A lot of visits and no replies means that doesn't exist a reliable way to do this, or that I cammot explain clearly my issue? English is not my native language so maybe it can be ununderstandable.
Just like you have to add another phase 2 in IPsec you have to tell the site-to-site servers about the other networks.
The Remote Access has to have 192.168.4.0/24 as a local network unless it has redirect gateway set.
The site-to-site has to have 192.168.2.0/24 set as a local network in the server or as a remote network in the client if using PSK.
But… The site to site is openvpn too and doesn't have phases (as long as I know). The mixed openvpn-ipsec is another setup, in another network that is not connected to this One, that I bought as example of working setup
You have to add sites 2 LAN 192.168.4.0/24 to the "IPv4 Local network(s)" of the roadwarrior settings for pushing this route to the clients.
At a high level:
You need to push the Site 2 Lan subnet (192.168.4.0/24) to your clients in the roadwarrior's OpenVPN config
You need to add a route for the roadwarrior's tunnel network (192.168.2.0/24) in the Site 2 OpenVPN config