Connect VPN Clients to Local network behind other client...
-
Hi Everybody!
I'm struggling with setting up pfSense as a VPN server...
I have my main pfSense running in a VM on Proxmox with 2 network interfaces connected, one for WAN and the other one for LAN. I set up an OpenVPN server in Remote Access (SSL/TLS) mode. All the required certs and the CA are working, so the basic setup is working. I'm using the /30 topology and client-specific overrides to make sure all users get the same IP any time they connect. This is also working fine.
The 3 clients are Windows/Mac machines with the OpenVPN client and 3 pfSense boxes running on ALIX boards. But here is my problem...
Let me explain my structure first:
Location: Home office
Internet: dynamic IP with DDNS service
|
|
Router: IP 192.168.178.1
|
|
pfSense: IP 192.168.178.10
|
|
OpenVPN server with 10.10.1.0/24 tunnel network

Location: Office 2 (pfSense running on ALIX)
Internet: dynamic IP with DDNS service
|
|
Router: IP 192.168.20.1
|
|wan - 192.168.20.10
pfSense box 1--------------------------------------------------------- connected to VPN server with 10.10.1.6
|lan - 192.168.2.1 |opt1 - 192.168.1.1

Location: Office 3 (pfSense running on ALIX)
Internet: dynamic IP with DDNS service
|
|
Router: IP 192.168.30.1
|
|wan - 192.168.30.10
pfSense box 2--------------------------------------------------------- connected to VPN server with 10.10.1.10
|lan - 192.168.3.1 |opt1 - 192.168.1.1

Location: Office 3 (pfSense running on ALIX)
Internet: dynamic IP with DDNS service
|
|
Router: IP 192.168.40.1
|
|wan - 192.168.40.10
pfSense box 3--------------------------------------------------------- connected to VPN server with 10.10.1.14
|lan - 192.168.4.1 |opt1 - 192.168.1.1

Users connecting from different locations via DSL or LTE:
User-01: --------------------------------------------------------- connected to VPN server with 10.10.1.18
User-02: --------------------------------------------------------- connected to VPN server with 10.10.1.22
User-03: --------------------------------------------------------- connected to VPN server with 10.10.1.26
All 3 pfSense boxes connect to the VPN server in the home office without any problem and receive the same IP address any time they connect.
All the users connecting through a PC/Mac also get a unique IP any time they connect.
I can see all pfSense boxes and users connected in my main pfSense web interface.
Here is where I want to get to:
I want User-01 only to reach/ping the local net behind OPT1 on pfSense box 1,
User-02 only to reach/ping the local net behind OPT1 on pfSense box 2,
User-03 only to reach/ping the local net behind OPT1 on pfSense box 3.
The local networks behind OPT1 are all in the same range (192.168.1.0/24) and this cannot be changed because there are machines running with fixed IP addresses in this range.
I'm pretty sure that this will need some routes and firewall rules, but I really have no idea where to start.
It would be great if someone could give me an idea about where to start...
Thank you!!
-
Conflicting subnets are nasty and you should avoid them and renumber.
Anyway, here is a workaround for your problem: https://www.netgate.com/docs/pfsense/vpn/openvpn/connecting-openvpn-sites-with-conflicting-ip-subnets.html
-Rico
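An added example to go with the workaround Rico links to; this is not code from the thread, from Rico or from Netgate. It models the approach on the topology from the first post: each site box 1:1-NATs its 192.168.1.0/24 OPT1 network to a translated subnet that is unique across the VPN, the server gets an `iroute` for each translated subnet pointing at the right box, each user is pushed only the route to their own site, and a server-side policy pins each user's tunnel address to that subnet. The translated subnets 10.20.2.0/24, 10.20.3.0/24 and 10.20.4.0/24, the certificate CNs used as keys, the interface name `ovpnc1` and the raw pf `binat` rendering are all assumptions, not values from the thread; the tunnel addresses and the net30 topology are the ones the post gives.

```python
"""
Added example (not from the thread, Rico, or Netgate): model the
"conflicting subnets" workaround for the topology in the first post.

Assumed (not in the thread): translated subnets 10.20.2.0/24, 10.20.3.0/24,
10.20.4.0/24; certificate CNs equal to the names used below; the OpenVPN
client on each site box assigned as interface "ovpnc1".
"""
import ipaddress
from dataclasses import dataclass

OPT1_NET = ipaddress.ip_network("192.168.1.0/24")  # identical at every site (from the thread)


@dataclass(frozen=True)
class Site:
    box: str            # site box certificate CN (assumed)
    box_tunnel_ip: str  # box's OpenVPN client address (from the thread)
    user: str           # user certificate CN (assumed)
    user_tunnel_ip: str  # user's OpenVPN address (from the thread)
    translated: str     # assumed unique 1:1 NAT subnet presented to the VPN


SITES = [
    Site("box1", "10.10.1.6",  "User-01", "10.10.1.18", "10.20.2.0/24"),
    Site("box2", "10.10.1.10", "User-02", "10.10.1.22", "10.20.3.0/24"),
    Site("box3", "10.10.1.14", "User-03", "10.10.1.26", "10.20.4.0/24"),
]


def net30_peer(client_ip):
    """Server-side endpoint of a client's /30 in OpenVPN's net30 topology.

    The thread's .6/.10/.14/... addresses are the higher host of each /30,
    so the peer address is the lower one (.5/.9/.13/...).
    """
    block = ipaddress.ip_network(f"{client_ip}/30", strict=False)
    low, high = block.hosts()
    if str(high) != client_ip:
        raise ValueError(f"{client_ip} is not a net30 client address")
    return str(low)


def ccd_entries(sites):
    """Client-specific override text, keyed by certificate CN."""
    entries = {}
    for s in sites:
        tnet = ipaddress.ip_network(s.translated)
        # Site box: fixed tunnel address plus the translated subnet it serves.
        entries[s.box] = [
            f"ifconfig-push {s.box_tunnel_ip} {net30_peer(s.box_tunnel_ip)}",
            f"iroute {tnet.network_address} {tnet.netmask}",
        ]
        # Road warrior: fixed tunnel address plus a route to its own site only.
        entries[s.user] = [
            f"ifconfig-push {s.user_tunnel_ip} {net30_peer(s.user_tunnel_ip)}",
            f'push "route {tnet.network_address} {tnet.netmask}"',
        ]
    return entries


def server_routes(sites):
    """'route' lines the server config needs so the kernel routes each iroute into the tunnel."""
    out = []
    for s in sites:
        tnet = ipaddress.ip_network(s.translated)
        out.append(f"route {tnet.network_address} {tnet.netmask}")
    return out


def binat_rule(site, iface="ovpnc1"):
    """Raw pf equivalent (assumed syntax) of a pfSense 1:1 NAT entry on the box's OpenVPN interface."""
    return f"binat on {iface} from {OPT1_NET} to any -> {site.translated}"


def translate(addr, site, inbound=True):
    """Apply the 1:1 mapping: translated -> real OPT1 address (inbound) or the reverse."""
    a = ipaddress.ip_address(addr)
    tnet = ipaddress.ip_network(site.translated)
    src, dst = (tnet, OPT1_NET) if inbound else (OPT1_NET, tnet)
    if a not in src:
        raise ValueError(f"{addr} is not in {src}")
    return str(dst.network_address + (int(a) - int(src.network_address)))


def allowed(src_ip, dst_ip, sites):
    """Server-side firewall policy: a user may reach only its own site's translated subnet."""
    for s in sites:
        if src_ip == s.user_tunnel_ip:
            return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(s.translated)
    return False


if __name__ == "__main__":
    for cn, lines in ccd_entries(SITES).items():
        print(f"# ccd/{cn}")
        print("\n".join(lines))
    print("# server.conf additions")
    print("\n".join(server_routes(SITES)))
    for s in SITES:
        print(f"# on {s.box}: {binat_rule(s)}")
    # User-01 sends to 10.20.2.50; box1 rewrites it to OPT1 host 192.168.1.50
    print(translate("10.20.2.50", SITES[0]))
    print(allowed("10.10.1.18", "10.20.3.50", SITES))  # wrong site, so False
```

In the pfSense GUI the generated pieces land in different places: the `ifconfig-push`/`iroute`/`push route` lines correspond to the Tunnel Network, Remote Networks and Advanced fields of each client-specific override; the `route` lines correspond to the server's Remote Networks field; the `binat` rule is what a Firewall > NAT > 1:1 entry on each box's assigned OpenVPN client interface produces; and `allowed()` is the policy you express as per-source rules on the server's OpenVPN firewall tab. Note that with this layout a user never sees 192.168.1.x at all, only the translated address of its own site, which is what makes three identical OPT1 networks reachable side by side.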
-
Hi Rico,
thank you for your answer. I had a look at your link. I think this would work, but if the subnet on LAN on the pfSense boxes is changed, I need to reconfigure everything.
Is there no option like:
On the VPN server:
Route ALL traffic from User-01 to the VPN network of pfSense box 1
On the pfSense box side:
Route ALL traffic on the VPN network to the OPT1 network
Sorry for my question, but I'm a beginner with OpenVPN and pfSense...
Thank you so much for your support.