3 sites VPN



  • Hi,

    I'm quite a new in pfsense and want to do a "full" openvpn interconnexion between 3 sites as below.

    Site 2 <–----- OPENVPN Tunnel -------> Site 1 (Static IP) <------- OPENVPN Tunnel -------> Site 3

    It is working well, and i can access entirely Site 2 and Site 3 from Site 1 which is main site.

    The probleme is I can't access Site 3 from Site 2 and Site 2 from Site 3.

    Does anyone have a solution for that ?

    Regards



  • You need to ensure you push the appropriate routing information - have you done that?



  • Yes I've done that.
    I've put a static route on pfsense on Site 3 to Site 2 but it didn't work.

    I've added a static route on pfsense on Site 3 (I've put Site 2 's Network Address but what must I do with Static route's gateway info ?)



  • Both sides need to know how to reach the other, otherwise the packets will only get one way.  This means you need static routes for the other subnet on both sides (and in the middle).

    Also, you do have different subnets at all locations?



  • Hi ! And sorry for my english

    I have just set up a vpn with 3 sites
    To done that i add satic routes.
    The gateway to use with route is the ip assign in the adress pool you have configure your tunnel.

    For exemple :

    network :

    site1 : 192.168.1.0/24
    site2 : 192.168.2.0/24
    site3 : 192.168.3.0/24

    Adress pool :

    site1 -> site2 : 10.0.1.0/30
    site1 -> site3 : 10.0.2.0/30

    When the tunnel is up, and if you do an ifconfig on site1 you will see a interface name (tun or tap).
    And in my exemple site1 will have ip 10.0.1.1/30 and at the over side of the tunnel site2 have the ip 10.0.1.2/30

    In the second  pool you will have :
    site1 10.0.2.1/30 and site3 10.0.2.2/30

    So the route to add are :

    On site2 (to join site3 by site1)

    192.168.3.0 255.255.255.0 10.0.1.1

    On site3

    192.168.2.0 255.255.255..0 10.0.2.1

    Note you have to push this two routes on both side in one time, the sites have to know how to respond to the over site.

    Hops it helps you.

    (And sorry again for my english)


Log in to reply