OpenVPN between Main Office and 15 branch office + few road warriors



  • Hello everyone,

    I have done a lot of reading about setting up OpenVPN. I am a bit confused.
    Here's my requirement:

    All Branch Offices (15) should be able to connect to the Main Office. No communication is required between Branch Offices.
    Also there are a few road warriors who should be able to connect to the Main Office.

    My Settings:

    Main Office Local LAN : 90.0.0.0/24
    Branch Offices Local LAN : 192.168.[1-15].0/24

    Steps @ Main Office pfSense box running 2.3.2:

    Created a CA VPNServerCA
    Created a user with a cert from VPNServerCA (for Road Warriors)

    Used OpenVPN wizard to setup server.
    Here are the details:

    Server Mode    : SSL/TLS with user auth
    Protocol       : UDP
    Device Mode    : tun
    Tunnel Network : 172.16.1.0/24
    Local Network  : 90.0.0.0/24

    Using Client Export I have downloaded the client installer and it is working perfectly for the Road Warriors.

    Now, to connect the Branch Offices, will the same OpenVPN Server Instance work, or do I have to create a new OpenVPN Instance on the Server at the Main Office?

    Do I have to use

    Server Mode as Peer to Peer SSL/TLS or Peer to Peer Shared Key (I have 15 branches)
    Tunnel Network as 172.16.2.0/24
    Local LAN as 90.0.0.0/24

    Do I have to set up the remote LAN as 192.168.1.0/20? (I am confused here.)

    Do I have to do some other custom settings or client override settings?

    Please Help.

    Regards,
    Ashima



  • Hi,

    Is there any more info that I need to provide? Basically I need to know: do I need to run two instances of OpenVPN Server, one for the road warriors and the other for the branches (site to site)?

    Can all the branches get connected to the same OpenVPN Server Instance?

    Please help.
    Thank you,
    Ashima


  • Netgate

    I would probably use two instances for that. One for all the site-to-site connections and one for the remote access.

    If asked, I will always recommend SSL/TLS for both, but especially the site-to-site so you can push settings from the central server.

    Just discussed a similar site-to-site here yesterday:

    https://forum.pfsense.org/index.php?topic=126484.msg698638#msg698638
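    To make the "push settings from the central server" point concrete, here is an added example (not part of the thread or of pfSense itself) that builds the second, site-to-site instance for the thread's addressing: a 172.16.2.0/24 tunnel, the 90.0.0.0/24 main LAN pushed to every branch, one `route` per branch LAN on the server, and one `iroute` per branch certificate CN, which is what a pfSense Client Specific Override generates. The branch CN names and the `ccd` directory are assumptions; the block also checks the networks for overlap and computes the single summary route that covers all fifteen branch /24s.

```python
import ipaddress

# Constructed from the thread's addressing plan; branch CNs are assumed names.
MAIN_LAN = ipaddress.ip_network("90.0.0.0/24")
S2S_TUNNEL = ipaddress.ip_network("172.16.2.0/24")
BRANCH_LANS = {f"branch{n:02d}": ipaddress.ip_network(f"192.168.{n}.0/24")
               for n in range(1, 16)}


def check_no_overlap(lans, tunnel, local):
    """Raise if any branch LAN overlaps the tunnel, the main LAN or another branch."""
    nets = list(lans.values()) + [tunnel, local]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping networks: {a} and {b}")
    return True


def covering_supernet(lans):
    """Smallest single prefix that contains every branch LAN (a summary route)."""
    nets = list(lans.values())
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()
    return net


def server_config(lans, tunnel, local):
    """Server directives for the site-to-site instance. Each 'route' sends branch
    traffic from the main office kernel into the tun interface; the pushed route
    gives every branch a path back to the main LAN."""
    lines = ["mode server", "tls-server", "dev tun", "proto udp",
             f"server {tunnel.network_address} {tunnel.netmask}",
             f'push "route {local.network_address} {local.netmask}"',
             "client-config-dir ccd"]
    lines += [f"route {n.network_address} {n.netmask}" for n in lans.values()]
    return "\n".join(lines)


def ccd_overrides(lans):
    """One client-specific override per branch CN. 'iroute' tells OpenVPN which
    connected client owns that LAN; a kernel 'route' alone is not enough."""
    return {cn: f"iroute {n.network_address} {n.netmask}" for cn, n in lans.items()}


if __name__ == "__main__":
    check_no_overlap(BRANCH_LANS, S2S_TUNNEL, MAIN_LAN)
    print(server_config(BRANCH_LANS, S2S_TUNNEL, MAIN_LAN))
    for cn, line in ccd_overrides(BRANCH_LANS).items():
        print(f"ccd/{cn}: {line}")
```

Each `ccd/<CN>` file corresponds to one Client Specific Override in the pfSense GUI, keyed on the common name of that branch's certificate, so a branch can only ever claim the LAN its own override names.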



  • Thank You Derelict for responding.

    Yes, I am now running two instances of OpenVPN server: one for the road warriors and the other for connecting all the sites.

    Although it turned out to be quite simple, in case anyone wants a step by step guide please let me know.

    Thank you,

    Ashima