Open VPN Site to Site and Remote Clients Combination
New to the world of pfsense and would like someone to shed some light on the topic
lan 2 :192.168.20.0/24
Site to Site connection with Open VPN has been established. The server runs in the main office using 192.168.100.0/24 as the tunnel network, and all LANs from the main and remote office are accessible from any location.
In the main office a server for Remote Access (SSL/TLS) has also been configured, using the tunnel network 192.168.110.0/24, and all the local networks from the two locations have been added to the IPv4 Local network(s) field.
Connection has been tested from remote mobile and windows clients and it works fine.
The only drawback is that the remote clients can access only the resources available in the main office. They cannot ping anything in the remote office.
How can we make all the resources from both the main and remote office available to remote clients?
If a step by step guide exists or a video tutorial showcasing this it would help a lot.
Many thanks in advance guys
bingo600 last edited by bingo600
Sounds a bit like a routing issue.
Did you remember to include the "Dialin Client ip ranges" in the OpenVPN L2L server's "Local network", and the OpenVPN client L2L "remote networks"?
Do your "Dialin Clients" have their default gateway via the "Server", or?
This might not be the way to do it on your setup.
I'm using /30 nets for L2L connections.
Btw: And I have no idea why people are selecting /24 for a P2P L2L link.
All you need is to add the respective networks to the OpenVPN settings to add the routes.
In the main office remote access settings add all your local networks (main and remote office) to "Local Networks". This pushes the routes to the clients.
In the remote office OpenVPN settings add 192.168.110.0/24 (access server tunnel network) to the "Remote Networks". This sets the route on the remote site to direct responses to the access server clients' requests back to the main office.
Dialin Client ip ranges
Thanks a lot for your advice, guys. The dial-in tunnel was not added to the site-to-site remote networks list, therefore it could not be routed.
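The asymmetric-routing failure resolved in this thread, modelled as an added example (not from any poster and not pfSense code): it traces the request and the reply hop by hop, with and without 192.168.110.0/24 in the remote office's "Remote Networks". The tunnel network is from the thread; the LAN subnets, host addresses and node names are constructed assumptions, and firewall rules are not modelled.

```python
import ipaddress

# Tunnel network is from the thread; LAN subnets and host IPs are constructed.
MAIN_LAN = "192.168.10.0/24"     # assumed main office LAN
REMOTE_LAN = "192.168.20.0/24"   # assumed remote office LAN
RA_TUNNEL = "192.168.110.0/24"   # remote access tunnel network

def build_tables(remote_has_ra_route):
    """Per-node routes: prefix -> next hop ('local' = directly attached)."""
    remote_fw = {REMOTE_LAN: "local", MAIN_LAN: "main_fw"}
    if remote_has_ra_route:
        # "Remote Networks" entry on the remote office site-to-site client
        remote_fw[RA_TUNNEL] = "main_fw"
    return {
        # routes pushed to dial-in clients via "Local Networks"
        "ra_client": {MAIN_LAN: "main_fw", REMOTE_LAN: "main_fw"},
        "main_fw": {MAIN_LAN: "local", RA_TUNNEL: "local", REMOTE_LAN: "remote_fw"},
        "remote_fw": remote_fw,
    }

def trace(tables, node, dst_ip, max_hops=8):
    """Follow longest-prefix matches; the path ends in 'local' or 'wan'."""
    dst = ipaddress.ip_address(dst_ip)
    path = [node]
    while node in tables and len(path) <= max_hops:
        nets = [p for p in tables[node] if dst in ipaddress.ip_network(p)]
        if not nets:
            path.append("wan")  # no specific route: default gateway, not the tunnel
            break
        best = max(nets, key=lambda p: ipaddress.ip_network(p).prefixlen)
        node = tables[node][best]
        path.append(node)
    return path

def round_trip(tables, client_ip, host_ip, host_gateway):
    """Request from the dial-in client, reply routed by the host's gateway."""
    request = trace(tables, "ra_client", host_ip)
    reply = trace(tables, host_gateway, client_ip)
    return request, reply, request[-1] == "local" and reply[-1] == "local"

if __name__ == "__main__":
    for fixed in (False, True):
        print(fixed, round_trip(build_tables(fixed), "192.168.110.2",
                                "192.168.20.10", "remote_fw"))
```
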