Routing between OpenVPN Clients / Headquarter / Site-to-Site



  • I have a fully working scenario as follows:

    • Headquarters (site A): LAN 192.168.0.0/24, pfSense LAN firewall (192.168.0.190), 1x WAN interface, OpenVPN server to enable 50 mobile PC connections via client software computers (IP class 192.168.2.0/24, firewall has IP 192.168.2.1) and a site-to-site OpenVPN server (IP class 192.168.10.0/24) to enable bidirectional communication with a remote location (site B).
    • Remote location (site B): LAN 192.168.126.0/24, pfSense LAN firewall (192.168.126.254), 1x WAN interface, OpenVPN client (firewall OpenVPN IP 192.168.10.2) to enable bidirectional communication with headquarters (firewall OpenVPN server IP 192.168.10.1).
      From the headquarters LAN I can reach both OpenVPN clients.

    What I need now is to be able to reach the network with IP class 192.168.126.0/24 from the network with IP class 192.168.2.0/24 and vice versa. How can I do this?

    Thanks for help.

    PS: pfSense is at the latest version.



  • At site B, in the site-to-site settings, add 192.168.2.0/24 to the "Remote Networks" to get the traffic routed over the VPN.
    At site A, in the access server settings, add 192.168.126.0/24 to the "Local Networks" to get the route for this network pushed to the clients.

    For the site-to-site VPN you should have assigned interfaces at both sites.
    Ensure that your firewall rules allow the access between the networks.



  • I was trying what you suggested but I have a problem. After applying the first two configurations everything continues to work well, but when I try to assign interfaces at site A, adding firewall rules, the communication between site A and site B stops, even though the VPN is up.
    Can you tell me more specifically what I have to do? Can you tell me on which interface I have to configure firewall rules?

    Thank you



  • Just assign an interface to the OpenVPN site-to-site server at A, open the interface settings and enable it. You may also set a name if you like, but do no further configuration, no IP settings!
    Also assign an interface to the OpenVPN client at B this way.

    Consider that firewall rules on the interfaces control incoming traffic. So if you want to allow access from site B LAN to A LAN you need a firewall rule on the LAN interface at B which allows the traffic and also you need a rule on the newly added VPN interface at A allowing the traffic.
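
The routing half of the advice in this thread, as an added example that is not part of the original posts: a small model of the three routing tables that traces a packet from a mobile client (192.168.2.0/24) to site B's LAN (192.168.126.0/24) and the reply back, with each of the two suggested settings switched on or off. The device names, the sample host addresses and the existing A-to-B route are assumptions; firewall rules are not modelled.

```python
import ipaddress

def build_tables(push_126_to_clients, b_routes_2_via_vpn):
    """Per-device routes as (prefix, next hop); 'deliver' = directly attached."""
    client = [("192.168.2.0/24", "fw_a"), ("192.168.0.0/24", "fw_a")]
    if push_126_to_clients:      # site A access server: "Local Networks"
        client.append(("192.168.126.0/24", "fw_a"))
    fw_b = [("192.168.126.0/24", "deliver"), ("192.168.0.0/24", "fw_a")]
    if b_routes_2_via_vpn:       # site B site-to-site client: "Remote Networks"
        fw_b.append(("192.168.2.0/24", "fw_a"))
    # Assumption: A already routes 192.168.126.0/24 to B (its LAN reaches site B).
    fw_a = [("192.168.0.0/24", "deliver"), ("192.168.2.0/24", "deliver"),
            ("192.168.126.0/24", "fw_b")]
    return {"client": client, "fw_a": fw_a, "fw_b": fw_b}

def trace(start, dst_ip, tables):
    """Follow longest-prefix matches from `start`; last hop is 'deliver', 'wan' or 'loop'."""
    dst = ipaddress.ip_address(dst_ip)
    hops, node = [start], start
    while len(hops) <= len(tables) + 1:          # loop guard
        matches = [(ipaddress.ip_network(p), nh) for p, nh in tables[node]
                   if dst in ipaddress.ip_network(p)]
        if not matches:
            return hops + ["wan"]                # default gateway: leaves the VPN
        next_hop = max(matches, key=lambda m: m[0].prefixlen)[1]
        hops.append(next_hop)
        if next_hop == "deliver":
            return hops
        node = next_hop
    return hops + ["loop"]

def bidirectional(tables, client_ip="192.168.2.10", host_ip="192.168.126.20"):
    """Constructed sample addresses; replies start at fw_b, assumed to be the LAN gateway."""
    fwd = trace("client", host_ip, tables)
    ret = trace("fw_b", client_ip, tables)
    return fwd[-1] == "deliver" and ret[-1] == "deliver", fwd, ret

if __name__ == "__main__":
    for push in (False, True):
        for remote in (False, True):
            ok, fwd, ret = bidirectional(build_tables(push, remote))
            print(f"push={push} remote={remote} ok={ok} fwd={fwd} ret={ret}")
```

With only the pushed route in place the request reaches site B but the reply leaves through B's WAN gateway, which is why both settings are needed before the firewall rules matter.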