Netgate Discussion Forum
    Multiple Site to Site and routing

    IPsec
    9 Posts 3 Posters 1.2k Views

    • nappy_d

      Hey everyone,

      I have about 4 site to site VPN IPSec connections setup.

      My main site is cloud hosted using a pfSense 2.4.4 image and connects to my clients' site for remote monitoring and management

      I have a pfSense at my home office that connects to my cloud hosted pfSense.

      What I want to do is to route traffic from my home office to my cloud server then reach my clients' networks.

      Is this possible to do and how?

      I've included a diagram

      Apologies for the duplicate post. I have posted this originally in the incorrect pfSense forum.

      Thanks!

      [image: VPN routing.jpg]

      • viragomann

        Which kind of VPN is that one between your home office and the cloud hosted pfSense? Is it also IPsec?

        • Derelict (LAYER 8 Netgate)

          And, what are the existing Phase 2/traffic selector networks between your clients and the central pfSense? How do those relate to everyone?

          You might be able to play some games with NAT but it depends on what is where.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • nappy_d

            @viragomann All site to site VPN connections are using IPSec

            @Derelict

            • The p2 network at my home office is 172.16.0/24

            • The p2 network on my cloud pfSense is 10.1.96.0/24

            • Derelict (LAYER 8 Netgate)

              OK

              So to Client A you have a Phase 2 like this:

              pfSense 10.1.96.0/24 <-> 10.1.1.0/24 Client A

              Are the clients averse to you adding more Phase2 networks to their tunnels? Because this would make it work:

              Phase 2 Networks:

              pfSense 10.1.96.0/24 <-> 10.1.1.0/24 Client A
              pfSense 172.16.0.0/24 <-> 10.1.1.0/24 Client A

              pfSense 10.1.96.0/24 <-> 172.16.0.0/24 Home
              pfSense 10.1.1.0/24 <-> 172.16.0.0/24 Home

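
As an added illustration (not code from this thread or from pfSense), a small Python model of the Phase 2 table Derelict posted: a gateway sends a packet into a tunnel only when one of its Phase 2 entries covers src->dst, and the far end must hold the mirrored selector. It assumes the cloud pfSense is the hub, uses the LANs as posted, and the gateway names plus the "spokes only" variant are constructed for the demonstration.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the thread's hub-and-spoke IPsec layout (not pfSense code).
# LAN behind each gateway, as posted; gateway names are assumptions.
LANS = {"home": ip_network("172.16.0.0/24"),
        "cloud": ip_network("10.1.96.0/24"),
        "clientA": ip_network("10.1.1.0/24")}

def p2(local, remote, peer):
    """One Phase 2 entry: local selector, remote selector, peer gateway."""
    return ip_network(local), ip_network(remote), peer

# Derelict's table: the cloud hub carries the extra Phase 2 on BOTH tunnels,
# and each spoke holds the mirror of what the hub offers it.
PROPOSED = {
    "home":    [p2("172.16.0.0/24", "10.1.96.0/24", "cloud"),
                p2("172.16.0.0/24", "10.1.1.0/24", "cloud")],
    "cloud":   [p2("10.1.96.0/24", "10.1.1.0/24", "clientA"),
                p2("172.16.0.0/24", "10.1.1.0/24", "clientA"),
                p2("10.1.96.0/24", "172.16.0.0/24", "home"),
                p2("10.1.1.0/24", "172.16.0.0/24", "home")],
    "clientA": [p2("10.1.1.0/24", "10.1.96.0/24", "cloud"),
                p2("10.1.1.0/24", "172.16.0.0/24", "cloud")],
}
# Constructed variant: new entries only at the spokes, cloud hub left unchanged.
SPOKES_ONLY = dict(PROPOSED, cloud=[p2("10.1.96.0/24", "10.1.1.0/24", "clientA"),
                                    p2("10.1.96.0/24", "172.16.0.0/24", "home")])

def next_hop(tables, gw, s, d):
    """Outbound policy lookup on gw: the peer whose Phase 2 covers s->d, else None."""
    return next((peer for local, remote, peer in tables[gw]
                 if s in local and d in remote), None)

def accepts(tables, gw, s, d, from_peer):
    """The receiving side must hold the mirrored selector for the SA to exist."""
    return any(d in local and s in remote and peer == from_peer
               for local, remote, peer in tables[gw])

def trace(tables, src, dst, start):
    """Gateways crossed until dst sits in a LAN, or None if a hop has no matching Phase 2."""
    s, d = ip_address(src), ip_address(dst)
    path, gw = [start], start
    while d not in LANS[gw]:
        peer = next_hop(tables, gw, s, d)
        if peer is None or peer in path or not accepts(tables, peer, s, d, gw):
            return None  # no policy on this side, loop, or no mirror on the far side
        path.append(peer)
        gw = peer
    return path
```

In this model home-to-Client A traffic only completes when the cloud hub holds the 172.16.0.0/24 <-> 10.1.1.0/24 selector on both tunnels; with the spoke-side entries alone the hub has no policy for the forwarded packet and the trace returns None.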
              • nappy_d

                No, they are not averse to this.

                • nappy_d @Derelict

                  @derelict Just re-reading this.

                  Did you mean I should create additional P2 networks between client A and my home device or on the pfSense that is cloud hosted?

                  • Derelict (LAYER 8 Netgate)

                    Yes. That is one way to do it. The customer sites need to know to send the traffic to your home network via IPsec. Another phase 2 will do that.

                    • nappy_d

                      So if I did this right, this is what I did, but it is not working.

                      The following was added to the customer's pfSense.

                      [screenshot: Screen Shot 2018-11-10 at 12.09.43 PM.png]

                      I added this to my Home Office pfSense.

                      [screenshot: Screen Shot 2018-11-10 at 12.07.45 PM.png]

                      Nothing was added to the Cloud pfSense but no luck.

                      Any thoughts?

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.