Multiple Site to Site and routing
-
Hey everyone,
I have about 4 site to site VPN IPSec connections set up.
My main site is cloud hosted using a pfSense 2.4.4 image and connects to my clients' site for remote monitoring and management.
I have a pfSense at my home office that connects to my cloud hosted pfSense.
What I want to do is to route traffic from my home office to my cloud server then reach my clients' networks.
Is this possible to do and how?
I've included a diagram.
Apologies for the duplicate post. I originally posted this in the incorrect pfSense forum.
Thanks!
-
Which kind of VPN is the one between your home office and the cloud hosted pfSense? Is it also IPsec?
-
And what are the existing Phase 2/traffic selector networks between your clients and the central pfSense? How do those relate to everyone?
You might be able to play some games with NAT but it depends on what is where.
-
@viragomann All site to site VPN connections are using IPSec
-
The p2 network at my home office is 172.16.0/24
-
The p2 network on my cloud pfSense is 10.1.96.0/24
-
-
OK
So to Client A you have a Phase 2 like this:
pfSense 10.1.96.0/24 <-> 10.1.1.0/24 Client A
Are the clients averse to you adding more Phase 2 networks to their tunnels? Because this would make it work:
Phase 2 Networks:
pfSense 10.1.96.0/24 <-> 10.1.1.0/24 Client A
pfSense 172.16.0.0/24 <-> 10.1.1.0/24 Client A
pfSense 10.1.96.0/24 <-> 172.16.0.0/24 Home
pfSense 10.1.1.0/24 <-> 172.16.0.0/24 Home
-
No, they are not averse to this.
-
@derelict Just re-reading this.
Did you mean I should create additional P2 networks between client A and my home device or on the pfSense that is cloud hosted?
-
Yes. That is one way to do it. The customer sites need to know to send the traffic to your home network via IPsec. Another phase 2 will do that.
-
So if I did this right this is what I did but it is not working.
The following was added to the customer's pfSense.
I added this to my Home Office pfSense
Nothing was added to the Cloud pfSense but no luck.
Any thoughts?
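
Added example, not part of the original thread: a hop-by-hop check that every tunnel end along home -> cloud -> Client A carries a Phase 2 selector for 172.16.0.0/24 <-> 10.1.1.0/24, using the four hub entries listed earlier in the thread. The gateway names, the mirrored entries on the spokes, and the `HUB_ORIGINAL` case are assumptions constructed for illustration, not configuration taken from any poster's firewall.

```python
from ipaddress import ip_network

HOME, CLOUD, CLIENT = "172.16.0.0/24", "10.1.96.0/24", "10.1.1.0/24"
PATH = ["home", "cloud", "clientA"]  # hypothetical gateway names

# Phase 2 entries keyed by (gateway, peer); each entry is (local, remote).
# The "cloud" entries follow the list in the thread; the spoke entries are
# assumed to be exact mirrors of them.
FULL = {
    ("cloud", "clientA"): [(CLOUD, CLIENT), (HOME, CLIENT)],
    ("clientA", "cloud"): [(CLIENT, CLOUD), (CLIENT, HOME)],
    ("cloud", "home"): [(CLOUD, HOME), (CLIENT, HOME)],
    ("home", "cloud"): [(HOME, CLOUD), (HOME, CLIENT)],
}

# Constructed case: the spokes have the new entries, the hub only its original ones.
HUB_ORIGINAL = dict(FULL)
HUB_ORIGINAL[("cloud", "clientA")] = [(CLOUD, CLIENT)]
HUB_ORIGINAL[("cloud", "home")] = [(CLOUD, HOME)]


def covered(entries, src, dst):
    """True if some (local, remote) selector contains both src and dst."""
    s, d = ip_network(src), ip_network(dst)
    return any(
        s.subnet_of(ip_network(local)) and d.subnet_of(ip_network(remote))
        for local, remote in entries
    )


def missing_selectors(p2, path, src, dst):
    """Return the (gateway, peer) tunnel ends with no selector for src <-> dst."""
    gaps = []
    for a, b in zip(path, path[1:]):
        # Sending end needs local=src, remote=dst.
        if not covered(p2.get((a, b), []), src, dst):
            gaps.append((a, b))
        # Receiving end needs the mirror: local=dst, remote=src.
        if not covered(p2.get((b, a), []), dst, src):
            gaps.append((b, a))
    return gaps


if __name__ == "__main__":
    print("full set:", missing_selectors(FULL, PATH, HOME, CLIENT))
    print("hub unchanged:", missing_selectors(HUB_ORIGINAL, PATH, HOME, CLIENT))
```

An empty list means every hop has a matching selector pair; any tuple returned names the tunnel end where the traffic would not match a Phase 2 entry.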