Multiple VPNs talking to each other



  • Sorry, I've searched a bit and I'm still not sure what to do; I'm not quite understanding iroute vs route / push route and where the options need to go (server side, client side?).

    Scenario.
    Main office A 10.1.1.0/24
    Remote office B 10.1.2.0/24
    Remote office C 10.1.3.0/24

    I have 3 instances of OpenVPN servers running at Main Office A:
    Site to Site for B
    Site to Site for C
    Remote Access for Road Warriors

    All 3 are working:
    A & B can talk to each other.
    A & C can talk to each other.
    Road warriors can talk to A.

    What I would like is:
    1) for B & C to be able to talk to each other;
    2) for the road warriors to be able to also talk to B & C while connected to A.

    What's the best way to tackle this?



  • In pfSense you can configure this in the GUI. There is no need to enter a route or iroute command.

    In the client config of site B the "IPv4 Remote network/s" box should look like this:

    10.1.1.0/24,10.1.3.0/24,<Access server tunnel network>

    on site C:

    10.1.1.0/24,10.1.2.0/24,<Access server tunnel network>

    Replace <Access server tunnel network> with your road warriors' tunnel network.

    And in the Access server modify the "IPv4 Local network/s":

    10.1.1.0/24,10.1.2.0/24,10.1.3.0/24

    Ensure that you have firewall rules in place on all nodes that permit the access you need.
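
A worked example of what those boxes expand to, added here and not part of the thread: it derives the box contents for the hub-and-spoke layout above (hub A, spokes B and C, road-warrior server on A) and the OpenVPN directives pfSense generates from each box, which is the route vs iroute vs push route split the question asks about. The road-warrior tunnel network 10.1.50.0/24 and the function names are assumptions.

```python
import ipaddress

# Constructed topology matching the thread: hub A, spokes B and C, plus an
# assumed road-warrior tunnel network (the thread leaves it as a placeholder).
HUB_LAN = "10.1.1.0/24"
SPOKE_LANS = {"B": "10.1.2.0/24", "C": "10.1.3.0/24"}
RA_TUNNEL = "10.1.50.0/24"  # assumption, replace with your own tunnel network


def gui_boxes(hub_lan, spoke_lans, ra_tunnel):
    """Contents of the pfSense network boxes, one entry per OpenVPN instance."""
    boxes = {}
    for name, lan in spoke_lans.items():
        others = [l for n, l in spoke_lans.items() if n != name]
        # Spoke client: "IPv4 Remote network/s" = hub LAN + other spokes + RA tunnel
        boxes[f"{name} client: remote networks"] = ",".join([hub_lan, *others, ra_tunnel])
        # Hub server for this spoke: "IPv4 Remote network/s" = that spoke's LAN
        boxes[f"A server for {name}: remote networks"] = lan
    # Road-warrior server: "IPv4 Local network/s" = every site LAN
    boxes["A road-warrior server: local networks"] = ",".join([hub_lan, *spoke_lans.values()])
    return boxes


def _net_mask(cidr):
    """'10.1.2.0/24' -> '10.1.2.0 255.255.255.0' (OpenVPN uses dotted masks)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{net.network_address} {net.netmask}"


def openvpn_directives(box_name, csv):
    """Directives pfSense derives from a box: a client gets plain 'route';
    a server's remote networks get a kernel 'route' plus a per-client 'iroute'
    (client-specific override); a server's local networks become 'push "route"'."""
    cidrs = csv.split(",")
    if "client" in box_name:
        return [f"route {_net_mask(c)}" for c in cidrs]
    if "local networks" in box_name:
        return [f'push "route {_net_mask(c)}"' for c in cidrs]
    lines = []
    for c in cidrs:
        lines.append(f"route {_net_mask(c)}")    # server config: kernel route into tun
        lines.append(f"iroute {_net_mask(c)}")   # client-specific override: which client owns it
    return lines


if __name__ == "__main__":
    for name, csv in gui_boxes(HUB_LAN, SPOKE_LANS, RA_TUNNEL).items():
        print(f"{name}: {csv}")
        for d in openvpn_directives(name, csv):
            print("   ", d)
```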



  • @dlogan said in Multiple VPNs talking to each other:

    10.1.3.0/24

    Thanks for the response. It works like a charm for the remote access VPN, but I'm still not able to get B & C talking to each other through A. Do I need to change the server settings at site A to allow this?

    At all 3 sites I have "allow all traffic" firewall rules for OpenVPN.



  • Have you already added interfaces to the OpenVPN instances on A?



  • I did not create interfaces for them. Should I?



  • In some scenarios that's necessary to handle the routing with multiple VPNs.
    Just assign an interface to the VPN instance and enable it.

    Otherwise, check the routes on sites B and C and use traceroute to find out where the packets go.