Open VPN site to site +multiple clients
Hi to all,
I have configured OPEN VPN Remote Access SSL\TLS + User Auth , works fine :)
Now i have request to connect one more location and leave existing users who connect via VPN clinet from WIndows .
Task : Make site to multiple client sites , and leave possibility to connect via Windows\Linux client.
What is the best choice for this configuration ?
Thank you all !
You can have as many OpenVPN site to site instances mixed with as many OpenVPN Remote Access instances as you want.
There is no limitation in pfSense. :-)
Hi Rico :)
Thank you for your answer ! Can use existing configuration of server and only add client sites ? For Remote Access SSL\TLS + User Auth i cannot find proper documentation.
Server mode Remote Access (SSL/TLS + User Auth) is for lets say "End User" connections only.
For Site to Site you create another Instance with Server mode Peer to Peer (SSL/TLS) or Peer to Peer (Shared Key)
There is a LOT of great documenation:
Thank you so much !
I need site to site connection ( location A server site and location B client site + client PC in many location ( commercial managers ) . What is the best config ?
Of course i will read documentation :)
NogBadTheBad last edited by NogBadTheBad
I'd be tempted to use routed IPSec, have a look at:-
I will rather use OPEN VPN . Thank you !
Personally I always use Certificates (SSL/TLS): https://docs.netgate.com/pfsense/en/latest/book/openvpn/site-to-site-example-configuration-ssl-tls.html
My Options are:
- TLS Configuration: Use a TLS Key
- TLS Key usage mode: TLS Encryption and Authentication
- DH Parameter Length: 2048 bit
- Encryption Algorithm: AES-256-GCM
- Enable NCP: OFF
- Auth digest algorithm: SHA256
- Certificate Depth: One (Client + Server)
- Compression: LZ4-v2
- Topology: Subnet
Maybe you want to disable compression because of the VORACLE attack: https://forum.netgate.com/topic/133930/new-openvpn-attack-demo-d-at-defcon