Netgate Discussion Forum

    Multi Site VPN - 3 sites with ability to communicate over dual WAN at each site.

      Paulk201270

      I'm looking for some help with a 3-site VPN framework and the best/most stable way of doing it.

      I have 3 sites. Each site has 2 different PPPoE connections (2 internet providers) for stability. Outgoing/incoming traffic is load balanced across the 2 connections and works well.

      Site A uses internal LAN 172.16.1.0/24
      Site B uses internal LAN 172.16.2.0/24
      Site C uses internal LAN 172.16.3.0/24

      Site A has a client connection on 1st ISP to Site B Server 1st ISP using UDP to port 15000 via 10.0.100.0/24
      Site A has a client connection on 2nd ISP to Site B Server 2nd ISP using UDP to port 15001 via 10.0.101.0/24

      Site B has a client connection on 1st ISP to Site C Server 1st ISP using UDP to port 15002 via 10.0.102.0/24
      Site B has a client connection on 2nd ISP to Site C Server 2nd ISP using UDP to port 15003 via 10.0.103.0/24

      Site C has a client connection on 1st ISP to Site A Server 1st ISP using UDP to port 15004 via 10.0.104.0/24
      Site C has a client connection on 2nd ISP to Site A Server 2nd ISP using UDP to port 15005 via 10.0.105.0/24

      The associated Server and Client certificates and encryption are all connected and operational and all tunnels are actively connected.

      The OpenVPN firewall settings permit all on each site.

      I left local and remote networks empty on the server and client setups as I had Quagga OSPF running on each firewall, and the DR relationship shows both routes to each site... I have the networks propagated to each other over OSPF this way.

      I am unable to ping any site from an alternate, or access each firewall remotely, so I obviously have something filtered or missing. Can someone point me in the right direction on what to check? Is this the appropriate way to connect them or should I alter something? I have remote phones that cannot afford to be disconnected from the primary PBX which is why I am trying to get it working this specific way etc.

      Any help would be greatly appreciated.

      Many thanks
      Paul.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.