How to route site-to-site vpn through pfSense to peer-to-peer?
I'm sure this is possible, just that I'm not figuring it out.
Here is the scenario. Site A is IP address segment 192.168.10.x Site B is IP address segment 192.168.50.x. Site A is an OpenVPN client to a OpenVPN host at Site B with a site-to-site OpenVPN host.
Right now I have no issues passing traffic between both sites. Since Site A is on a dynamic IP, and the ISP is using private address space, there is no way to setup up a direct peer-to-peer VPN into Site A.
Site B currently has a peer-to-peer OpenVPN host. When connecting a client (phone, PC) there is no problem accessing Site B (192.168.50.x) resources.
What I'd like to be able to do is to open a peer-to-peer session into Site B, and then use that connection to access resources at site A. Seems to be a routing issue, but not sure how to do this.
PC Client ------ tunnel network 10.0.23.0/24 ------ Site B (192.168.50.x) ------ tunnel network 10.0.22.0/24 ----- Site A (192.168.10.x)
If it is a TLS OpenVPN setup, add 10.0.23.0/24 to the Local Networks on the OpenVPN server on Site B.
If it is a shared key OpenVPN setup, add 10.0.23.0/24 to the Remote Networks at Site A.
Did it work?
Same network. Is it possible to NAT from the the outside IP of site B thru the site-to-site VPN to a specific machine on site A?
I tried a simple NAT (port 80) to the outside IP on router B to an IP on Site A, but no luck.
Fairly advanced OpenVPN concept though.
You have to assign an interface to the OpenVPN client instance at Site A and be sure that the port-forwarded traffic does not match the firewall rules on the Site A side's OpenVPN tab and only matches a firewall rule on the assigned interface tab at Site A. This gets reply-to working there preventing the reply traffic from the port-forward target host from being routed out the default gateway at Site A and routing back through the tunnel instead.
I am not certain this specific use case was covered but you might do well to watch this: