Netgate Discussion Forum

    OpenVPN Routing Site-to-Site tunnel to Remote Access VPN tunnel

      buomque

      Main Office Configuration:
      Local network: 192.168.10.1

      Main Office Site-To-Site VPN server:
      IPv4 Tunnel Network: 192.168.90.0/24
      IPv4 Remote network(s): 192.168.110.0/24, 192.168.111.0/24

      Main Office Remote Access VPN server:
      IPv4 Tunnel Network: 192.168.80.0/24
      IPv4 Local network(s): 192.168.10.0/24, 192.168.110.0/24, 192.168.111.0/24

      Satellite Facility #1 Configuration:
      Local network: 192.168.110.1

      Satellite Facility Site-To-Site #1 VPN Client:
      IPv4 Tunnel Network: 192.168.90.0/30
      IPv4 Remote network(s): 192.168.10.0/24, 192.168.80.0/24

      Satellite Facility #2 Configuration:
      Local network: 192.168.111.1

      Satellite Facility Site-To-Site #2 VPN Client:
      IPv4 Tunnel Network: 192.168.90.0/30
      IPv4 Remote network(s): 192.168.10.0/24, 192.168.80.0/24

      I created a new interface for the 192.168.90.0/24 tunnel, called Site-To-Site.
      I created a new interface for the 192.168.80.0/24 tunnel, called Remote Access.

      From the Main Office Site-To-Site VPN server, I can access both 192.168.110.0/24 and 192.168.111.0/24.

      My laptop is connecting to the Remote Access tunnel. How can I do routing so that my laptop can get to all LAN networks which are accessible from the Main Office Site-To-Site VPN server?

        marvosa

        At a high level, you would need to push each LAN you want to access out to your clients and then enter the remote access tunnel network in the config of each remote location.

        You also don't need to create interfaces unless you're doing policy routing.

          buomque

          Thanks for the info Marvosa!

          One more question: is there a way to route all available LANs from the site-to-site tunnel to the Remote Access tunnel? Or is pushing each LAN the more proper way to do it?

            drummrman85

            If I understand your original post correctly, you appear to have a similar circumstance as mine. I have a main office in NY that is connected to an office in Atlanta via S2S VPN. Users also want to be able to remotely access their network from home and have access to files on both servers. Two questions for you:

            1. Is what you described in your original post capable of doing that (that's what it looks like to me)?

            2. Can you elaborate on how you achieved this? I understand, conceptually, the need to push to the client, but what exactly were the steps you took?

            Thanks, I know this thread is a little old, but I'm trying to figure out how to route traffic such that users can connect from home and access files on servers at each office.

              marvosa

              @buomque:

              Thanks for the info Marvosa!

              One more question: is there a way to route all available LANs from the site-to-site tunnel to the Remote Access tunnel? Or is pushing each LAN the more proper way to do it?

              buomque, it depends on what kind of solution you want to end up with.  One way to achieve your objective is going full tunnel, but then all traffic is routed down the tunnel.  If you want to stay split tunnel, then every subnet you want access to will need to be pushed out to your clients.

              @drummrman85:

              If I understand your original post correctly, you appear to have a similar circumstance as mine. I have a main office in NY that is connected to an office in Atlanta via S2S VPN. Users also want to be able to remotely access their network from home and have access to files on both servers. Two questions for you:

              1. Is what you described in your original post capable of doing that (that's what it looks like to me)?

              2. Can you elaborate on how you achieved this? I understand, conceptually, the need to push to the client, but what exactly were the steps you took?

              Thanks, I know this thread is a little old, but I'm trying to figure out how to route traffic such that users can connect from home and access files on servers at each office.

              drummrman85, he may or may not answer, but regardless… I would start a new thread and provide specifics so we can offer targeted guidance based on the details of your network.

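The two answers above (push each LAN to the Remote Access clients and give every remote site the Remote Access tunnel network; split tunnel versus full tunnel) can be checked against the addressing from the first post. This is an added example, not code from any poster or from pfSense: it prints the OpenVPN `push "route ..."` or `redirect-gateway` directives for the Remote Access server and flags any site lacking a return route to 192.168.80.0/24. The function and variable names are hypothetical.

```python
import ipaddress

# Addressing copied from the first post in this thread; names are illustrative.
RA_TUNNEL = "192.168.80.0/24"   # Remote Access tunnel network
MAIN_LAN = "192.168.10.0/24"
SITE_LANS = {"satellite1": "192.168.110.0/24", "satellite2": "192.168.111.0/24"}
# "IPv4 Remote network(s)" as entered on each site-to-site client.
SITE_REMOTE_NETS = {
    "satellite1": ["192.168.10.0/24", "192.168.80.0/24"],
    "satellite2": ["192.168.10.0/24", "192.168.80.0/24"],
}


def route_args(cidr):
    """Convert CIDR to the 'network netmask' form OpenVPN's route option takes."""
    net = ipaddress.ip_network(cidr)
    return f"{net.network_address} {net.netmask}"


def ra_server_pushes(full_tunnel=False):
    """Directives the Remote Access server sends to connecting clients."""
    if full_tunnel:
        # Full tunnel: all client traffic goes down the VPN, no per-LAN pushes.
        return ['push "redirect-gateway def1"']
    # Split tunnel: one pushed route per subnet the clients should reach.
    return [f'push "route {route_args(c)}"' for c in (MAIN_LAN, *SITE_LANS.values())]


def missing_return_routes(site_remote_nets, ra_tunnel=RA_TUNNEL):
    """Sites with no route covering the Remote Access tunnel network.

    Such a site receives packets from Remote Access clients but has no
    route that sends the replies back into the site-to-site tunnel.
    """
    ra = ipaddress.ip_network(ra_tunnel)
    return [
        site for site, nets in site_remote_nets.items()
        if not any(ra.subnet_of(ipaddress.ip_network(n)) for n in nets)
    ]


if __name__ == "__main__":
    print("\n".join(ra_server_pushes()))
    print("missing return route:", missing_return_routes(SITE_REMOTE_NETS) or "none")
```

Split tunnel keeps the client's exposure limited to the listed subnets, so each pushed route should also be matched by a firewall rule on the OpenVPN interface that permits only the traffic those users need.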