Netgate Discussion Forum

    Communication Between Clients of Multiple OpenVPN Sites

      sohailab

      Hi,

      I have two totally separate sites with pfSense OpenVPN services running.

      Site A:
      Has an OpenVPN server in Remote Access (SSL/TLS + User Auth) mode.
      Clients connect to this OpenVPN server using a public IP and everything is working fine.
      Tunnel Network: 172.27.224.0/24
      LAN Network: 10.10.12.0/24

      Site B:
      Has an OpenVPN server in Remote Access (SSL/TLS + User Auth) mode.
      Clients connect to this OpenVPN server using a public IP and everything is working fine.
      Tunnel Network: 172.27.225.0/24
      LAN Network: 10.10.13.0/24

      Goal/Requirement:
      I need to establish communication between the OpenVPN clients of Site A and Site B, as currently the OpenVPN clients of a site are able to communicate only with clients of their own site.
      Do I need to set up a third pfSense and set up peer-to-peer OpenVPN connectivity with the current sites (server-client mode) and route the LAN and OpenVPN tunnel subnets of the current sites?
      Any recommendations on designing the solution, keeping in mind that the number of sites may grow from 2 to more in the future?

      Thank you.

        Derelict LAYER 8 Netgate

        Add 10.10.13.0/24 as a Local Network in the OpenVPN server configuration at Site A.

        Make sure the OpenVPN firewall rules at Site B pass the traffic from that source network.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          sohailab

          @derelict
          Hi,

          Agreed, but before this, how can I set up connectivity between these sites, which are located at different geographical locations? I need to set up connectivity between both sites first; then I will add the LAN subnets in the OpenVPN configurations and modify the firewall as you suggested.

          Note: Both sites have a public IP. Do I need to set up peer-to-peer OpenVPN connectivity between the sites first?

            Derelict LAYER 8 Netgate

            Yes.

              chpalmer

              Your tunnel networks need to be in the same subnet. 172.27.224.0/30 would work for both of them.

              Triggering snowflakes one by one..
              Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

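The routing discussed in this thread, worked out for any number of sites as an added example (not part of any post above, and not Netgate's code): it checks that no tunnel or LAN subnet overlaps and lists, per site, the OpenVPN `push "route ..."` lines for clients and the exact source networks the OpenVPN firewall rules have to pass. Assumptions: the function names are hypothetical, the sites are already linked by a site-to-site tunnel that carries these networks, and the remote tunnel networks are routed along with the LANs so that clients can reach each other.

```python
"""Route plan for linking several OpenVPN remote-access sites (constructed example)."""
from ipaddress import ip_network
from itertools import combinations

# Subnets as given in the first post of the thread.
SITES = {
    "A": {"tunnel": "172.27.224.0/24", "lan": "10.10.12.0/24"},
    "B": {"tunnel": "172.27.225.0/24", "lan": "10.10.13.0/24"},
}

def site_networks(site):
    """Tunnel and LAN networks of one site as ip_network objects."""
    return [ip_network(site["tunnel"]), ip_network(site["lan"])]

def find_overlaps(sites):
    """Return (site, net, site, net) tuples for subnets that cannot be routed apart."""
    nets = [(name, n) for name, s in sites.items() for n in site_networks(s)]
    return [(a, str(x), b, str(y))
            for (a, x), (b, y) in combinations(nets, 2) if x.overlaps(y)]

def push_directive(net):
    """OpenVPN server directive that hands a route to connecting clients."""
    return f'push "route {net.network_address} {net.netmask}"'

def plan(sites):
    """Per site: routes to push to its clients and sources its firewall must pass."""
    overlaps = find_overlaps(sites)
    if overlaps:
        raise ValueError(f"overlapping subnets: {overlaps}")
    result = {}
    for name in sites:
        # Every network that lives behind the other sites.
        remote = [n for other, s in sites.items() if other != name
                  for n in site_networks(s)]
        result[name] = {
            "push": [push_directive(n) for n in remote],
            # Listing exact sources keeps the pass rules narrow.
            "allow_sources": [str(n) for n in remote],
        }
    return result

if __name__ == "__main__":
    for name, entry in plan(SITES).items():
        print(f"Site {name}")
        for line in entry["push"]:
            print("  " + line)
        print("  pass from:", ", ".join(entry["allow_sources"]))
```

Adding a third site is one more entry in `SITES`; an overlapping subnet raises `ValueError` before any route is produced.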