Site to Site and Server-Client VPN in same Pfsense?
-
Hi,
I've got two PfSense servers, one in main main office and other in far branch office.
I made "peer to peer connection" with two PfSense on port 1194 and connected branch office to main office.
But I also want to connect portable clients (from home) to main office. I created on server more on the main office pfsense on port 1195 but I cold not connect portable clients to main server?First of all, is this condition possible? May I create two server on main office pfsense?
Regards,
Mucip:) -
@mucip said in Site to Site and Server-Client VPN in same Pfsense?:
May I create two server on main office pfsense?
You really could create as many as you wanted that your connection and horsepower of your pfsense could handle..
-
Dear @johnpoz,
Yes, I folowed turorila video from youtube and now I have two server working on the Main Office PfSense.
I connected from home now and branch office also connected to main office. :)But one quick question: I can not ping the branch office IP block? Can I connect/ping to any IP from branch office while I connected to main office from home?
both me and branch office PfSense are connected to main office PfSense. So can I connect to Branch Office IP block via this VPN connection?Regards,
Mucip:) -
@mucip said in Site to Site and Server-Client VPN in same Pfsense?:
So can I connect to Branch Office IP block via this VPN connection?
So you want to vpn into the main office remote access vpn. and access services at the branch via the s2s vpn. Yes that is quite common setup, just needs to be configured correctly..
-
Dear @johnpoz ,
Any configuration sample or video which you can advice please?Regards,
Mucip:) -
@mucip not sure why you would need a "video" its as simple as adding the correct remote networks to the correct places. And sure making sure your firewall rules allow, etc..
Here is a thread with your exact question
https://forum.netgate.com/topic/158075/combining-remote-access-vpn-with-site-to-site-vpn
Answer given in 2nd post..
edit: I always like a drawing for talking points.. So here is simple example setup
First thing is make sure you have no overlapping networks.. The RA client isn't going to be able to go down the vpn to get to remote networks, if his local network overlaps any of the networks available via the vpn.
Now how does this remote client know to go down the vpn to get to 192.168.2? That has to be listed in the RA setup so he knows to come down the vpn to get to either 192.168.1 or 2, or this RA needs to be setup so clients use the RA as their default gateway, and send all traffic down this vpn.
Now how does does remote site know that to get to the RA tunnel network, and the client 172.16.1 he needs to send that down the s2s vpn..
If you understand these basic concepts, it becomes clear.. Also you need to make sure that any firewall rules allow for these other networks..
hope that helps ;)
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
@johnpoz ,
Thanks. I lost internet connection from Branch office now unfortunatelly.
I will check and inform.Regards,
Mucip:) -
@johnpoz
I added the IP block with comma but could not get result unfortunatelly. Maybe I wrong understood. :(Main office is 192.168.0.0/24
Branch Office is 192.168.8.0/24Site to site site IPV4 Tunel network is 172.16.10.0/24
Accress server IPV4 Tunel network is 176.100.200.0/24Where am I wrong?
Edit:
Well, I just realized your edited post.
OK. I will check your drawing and inform you.Regards,
Mucip:) -
@mucip How can one access Bank Password Generator Device?
-
@bhadness
Sorry?... I could not understand?Regards,
Mucip:) -
@johnpoz ,
Drawing is very clear, thanks. Well, which fileds should I change in the VPN config page?Regards,
Mucip:) -
@mucip You know what is bank password generator device right?
-
@bhadness ,
No...Regards,
Mucip:) -
@mucip wish I could show you right now
️ -
@mucip It's a device that generates passwords and tokens in the bank
-
@bhadness
OK... What is the relationship with my problem than?Regards,
Mucip:) -
@mucip I'm just looking for a way to access the device because it contains so many things in it
-
@johnpoz
I've got it with your very helpfull drawing and explanation.Thanks so much. :)
Regards,
Mucip:) -
@mucip said in Site to Site and Server-Client VPN in same Pfsense?:
very helpfull drawing
Your more than welcome - yeah if more people would post up drawings right off the bat, stuff would go some much quicker in figuring out the issues..
I always like to have a drawing - even if just for reference on what trying to accomplish.. It helps to make sure everyone on the same page if you will ;)
