Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Double OpenVPN config on single network WAN>LAN>WAN2>LAN2

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 420 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mumer8637
      last edited by

      Greetings,

      I have my network setup as follows:

      0_1533810420975_Projekt_pfSense.png

      The two CAT6 cables between Site A eth3 and Site B eth 0 are a security issue for me as they are openly available for anyone to splice and gain access to my network. To remedy this, I intend to encrypt everything in between Site A eth3 and Site B eth 0 using OpenVPN.

      I intend to have a local VPN tunnel between Site A eth 3 and Site B eth 0. And to make things complicated, this has to be in addition to a VPN tunnel I already have between Site B and a remote server in Germany. This tunnel has a few exempted ports and thats what the VPN tunnel between Site A eth 3 and Site B eth 0 is for.

      To further try to explain, lets say the traffic generated at Site B goes through LAN (eth3) to WAN (eth2) where it is encrypted (with a few ports excempted). This (semi) encrypted traffic goes to LAN (eth1) and then to WAN (eth0) where it is fully encrytpted before going to Site A LAN (eth3) where it is decrypted (I can therefore access the ports for SMB, Plex etc here). Then the remaining (semi) encrypted traffic goes on to the remote server in Germany.

      Can anyone please advice how to set this up in pfSense?

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Honestly, in that case I would probably use IPsec.

        There really isn't enough information provided to make any recommendations. Need to know how the subnets are defined, etc.

        Zero idea what you are doing with that eth1 - eth2 loop at Site B, for instance.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.