Multiple Site to Site and routing



  • Hey everyone,

    I have about 4 site to site VPN IPSec connections set up.

    My main site is cloud hosted using a pfSense 2.4.4 image and connects to my clients' site for remote monitoring and management.

    I have a pfSense at my home office that connects to my cloud hosted pfSense.

    What I want to do is to route traffic from my home office to my cloud server then reach my clients' networks.

    Is this possible to do and how?

    I've included a diagram

    Apologies for the duplicate post. I originally posted this in the incorrect pfSense forum.

    Thanks!




  • Which kind of VPN is the one between your home office and the cloud hosted pfSense? Is it also IPSec?


  • Netgate

    And what are the existing Phase 2/traffic selector networks between your clients and the central pfSense? How do those relate to everyone?

    You might be able to play some games with NAT but it depends on what is where.



  • @viragomann All site to site VPN connections are using IPSec

    @Derelict

    • The p2 network at my home office is 172.16.0/24

    • The p2 network on my cloud pfSense is 10.1.96.0/24


  • Netgate

    OK

    So to Client A you have a Phase 2 like this:

    pfSense 10.1.96.0/24 <-> 10.1.1.0/24 Client A

    Are the clients averse to you adding more Phase2 networks to their tunnels? Because this would make it work:

    Phase 2 Networks:

    pfSense 10.1.96.0/24 <-> 10.1.1.0/24 Client A
    pfSense 172.16.0.0/24 <-> 10.1.1.0/24 Client A

    pfSense 10.1.96.0/24 <-> 172.16.0.0/24 Home
    pfSense 10.1.1.0/24 <-> 172.16.0.0/24 Home



  • No, they are not averse to this.



  • @derelict Just re-reading this.

    Did you mean I should create additional P2 networks between client A and my home device or on the pfSense that is cloud hosted?


  • Netgate

    Yes. That is one way to do it. The customer sites need to know to send the traffic to your home network via IPsec. Another phase 2 will do that.
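
An added example, not written by any poster in the thread: a Python check that the Phase 2 networks listed above cover home-to-Client-A traffic on both tunnels it crosses. The tunnel labels and function names are assumptions; the networks are the ones quoted in the thread.

```python
from ipaddress import ip_network

def covered(entries, a, b):
    """True if some Phase 2 entry (local, remote) carries a<->b traffic.
    A policy-based Phase 2 matches both directions, so either side may hold a."""
    a, b = ip_network(a), ip_network(b)
    for local, remote in entries:
        local, remote = ip_network(local), ip_network(remote)
        if (a.subnet_of(local) and b.subnet_of(remote)) or \
           (b.subnet_of(local) and a.subnet_of(remote)):
            return True
    return False

def missing_legs(tunnels, path, a, b):
    """Return the tunnels on `path` that have no Phase 2 entry for a<->b."""
    return [name for name in path if not covered(tunnels[name], a, b)]

# Networks quoted in the thread.
HOME, CLOUD, CLIENT_A = "172.16.0.0/24", "10.1.96.0/24", "10.1.1.0/24"

# Phase 2 entries as seen from the cloud pfSense: (local, remote).
# Tunnel labels are hypothetical names used only in this example.
BEFORE = {
    "cloud<->home":    [(CLOUD, HOME)],
    "cloud<->clientA": [(CLOUD, CLIENT_A)],
}
# With the extra Phase 2 networks proposed in the thread.
AFTER = {
    "cloud<->home":    [(CLOUD, HOME), (CLIENT_A, HOME)],
    "cloud<->clientA": [(CLOUD, CLIENT_A), (HOME, CLIENT_A)],
}
# Home-office traffic to Client A crosses both tunnels via the cloud pfSense.
PATH = ["cloud<->home", "cloud<->clientA"]

if __name__ == "__main__":
    for label, tunnels in (("before", BEFORE), ("after", AFTER)):
        print(label, "missing:", missing_legs(tunnels, PATH, HOME, CLIENT_A))
    # A source outside 172.16.0.0/24 is still not selected by the new entry.
    print(covered(AFTER["cloud<->clientA"], "172.16.1.10/32", "10.1.1.5/32"))
```

An empty list means every tunnel on the path has a matching entry; any label returned is a tunnel that still needs the Phase 2 added on both of its endpoints.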