Communication Between Clients of Multiple OpenVPN Sites



  • Hi,

    I have two totally separate sites with pfSense OpenVPN services running.

    Site A:
    Has an OpenVPN server in Remote Access (SSL/TLS + User Auth) mode.
    Clients connect to this OpenVPN server using a public IP and everything is working fine.
    Tunnel Network: 172.27.224.0/24
    LAN Network: 10.10.12.0/24

    Site B:
    Has an OpenVPN server in Remote Access (SSL/TLS + User Auth) mode.
    Clients connect to this OpenVPN server using a public IP and everything is working fine.
    Tunnel Network: 172.27.225.0/24
    LAN Network: 10.10.13.0/24

    Goal/Requirement:
    I need to establish communication between the OpenVPN clients of Site A and Site B. Currently the OpenVPN clients of a site are able to communicate only with clients of their own site.
    Do I need to set up a third pfSense and set up peer-to-peer OpenVPN connectivity with the current sites (server-client mode), and route the LAN and OpenVPN tunnel subnets of the current sites?
    Any recommendation on designing the solution? Keep in mind that the number of sites may grow from 2 to more in future.

    Thank you.


  • Netgate

    Add 10.10.13.0/24 as a Local Network in the OpenVPN server configuration at Site A.

    Make sure the OpenVPN firewall rules at Site B pass the traffic from that source network.



  • @derelict
    Hi,

    Agreed, but before this, how can I set up connectivity between these sites located at different geographical locations? I need to set up connectivity between both sites first; then I will add the LAN subnets in the OpenVPN configurations and modify the firewall as you suggested.

    Note: Both sites have a public IP. Do I need to set up peer-to-peer OpenVPN connectivity between the sites first?


  • Netgate

    Yes.



  • Your tunnel networks need to be in the same subnet; 172.27.224.0/30 would work for both of them.
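Added planning helper, not part of the thread or of pfSense: given the site table from the question plus a constructed /30 for the site-to-site link, it lists what each site must route over the peer link (pfSense "Remote Network(s)"), what each remote-access server must push to its roaming clients ("Local Network(s)"), the source networks the OpenVPN firewall rules must pass, and it flags overlapping subnets, which is the usual failure when more sites are added. Site C and the link subnet are assumptions for illustration.

```python
"""Route/overlap planner for joining several pfSense OpenVPN sites (added example)."""
from ipaddress import ip_network
from itertools import combinations

# Constructed site table: A and B are from the thread, C is a hypothetical third site.
SITES = {
    "A": {"tunnel": "172.27.224.0/24", "lan": "10.10.12.0/24"},
    "B": {"tunnel": "172.27.225.0/24", "lan": "10.10.13.0/24"},
}
# Assumed /30 for the peer-to-peer (site-to-site) tunnel; it must not collide with anything else.
P2P_LINK = "172.27.230.0/30"


def overlaps(sites, link=P2P_LINK):
    """Return label pairs whose networks overlap; every subnet in the design must be disjoint."""
    nets = [(f"{name}/{kind}", ip_network(cidr))
            for name, site in sites.items() for kind, cidr in site.items()]
    nets.append(("p2p/link", ip_network(link)))
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2) if na.overlaps(nb)]


def remote_networks(site, sites):
    """Networks a site reaches via the peer link: every other site's LAN and tunnel subnet.
    These go into pfSense 'Remote Network(s)' on the site-to-site instance and are also the
    source networks the OpenVPN firewall rules at this site must pass."""
    return sorted(ip_network(cidr) for name, s in sites.items() if name != site
                  for cidr in s.values())


def local_networks(site, sites):
    """'Local Network(s)' for the site's remote-access server: its own LAN plus everything
    behind the peer link, so roaming clients get routes pushed for the other sites."""
    return sorted([ip_network(sites[site]["lan"])] + remote_networks(site, sites))


def plan(sites):
    """Per-site summary as plain strings, ready to compare against the pfSense GUI fields."""
    return {name: {"local_networks": [str(n) for n in local_networks(name, sites)],
                   "remote_networks": [str(n) for n in remote_networks(name, sites)]}
            for name in sites}


if __name__ == "__main__":
    clashes = overlaps(SITES)
    print("overlaps:", clashes or "none")
    for site, fields in plan(SITES).items():
        print(site, fields)
```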