Netgate Discussion Forum

Remote OVPN Client access devices in Remote LAN over OpenVPN Site2Site link?

OpenVPN
openvpn openvpn client site-to-site routing
  • M
    mpcjames
    last edited by Dec 18, 2021, 3:10 PM

    Hello, I’m wondering if anyone can shed any light on the below issue, please….

    I am having trouble trying to enable clients (who are remotely connected via OpenVPN client to Site A) to access devices on Site B via an established Site2Site OpenVPN.

    Here’s my current setup:

    Site A (HQ)
    pfSense LAN IP 10.10.1.1/24
    OpenVPN Server setup in pfSense with tunnel network as 10.0.8.0/24
    Remote Networks set in OpenVPN server config as 10.10.2.0/24

    Site B (BRANCH)
    pfSense LAN IP 10.10.2.1/24
    OpenVPN Client setup in pfSense with tunnel network as 10.0.8.0/24
    Remote Networks set in OpenVPN server config as 10.10.1.0/24

    The above setup works fine, and devices situated in either site can access all devices on the opposite site through the VPN - perfect.

    At Site A, I also have a second OpenVPN Server setup in pfSense. This is for remote staff with username/password etc.
    It has a tunnel network of 10.0.7.0/24.
    And Remote Networks set in OpenVPN server config as 10.10.1.0/24.

    Windows clients are able to use the OpenVPN client to connect to Site A, and access all resources on the Site A LAN (10.10.1.0/24) - perfect.

    However, I now have a requirement that remote staff need to be able to access devices on Site B, whilst they are connected to the Site A VPN.

    I’m struggling to get the routing correct and wondered if anyone had any ideas, please?

    Currently, from a client connected over the VPN to Site A, I can ping any device in Site A LAN, and I can ping the tunnel interface IP (10.0.7.1). I am also able to ping the other OpenVPN tunnel interface, for the Site2Site VPN, on IP 10.0.8.1; however, I am not able to ping the remote side of that Site2Site link (10.0.8.2). Nor can I ping any devices on the Site B subnet (10.10.2.1/24).

    • J
      johnpoz LAYER 8 Global Moderator @mpcjames
      last edited by Dec 18, 2021, 3:24 PM

      @mpcjames well, you need to make sure in this 2nd instance that you list the networks you need to get to.

      This would be the site B network 10.0.2/24, and on site B you would have to set up that to get to the other instance's tunnel network 10.0.7/24 you need to go down the VPN connection.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • M
        mpcjames @johnpoz
        last edited by Dec 18, 2021, 3:28 PM

        @johnpoz
        That's great thank you, I was just missing the return tunnel network of 10.0.7.0/24 on Site B.
        All working 👍

        • J
          johnpoz LAYER 8 Global Moderator @mpcjames
          last edited by Dec 18, 2021, 4:34 PM

          @mpcjames glad I could help.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11
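
The routing problem resolved in this thread, modelled as an added example (not code from the posters or from pfSense): a hop-by-hop route check over the networks given in the first post, showing that a ping needs a route for the request and one for the reply. The client address 10.0.7.2, the node names, and the assumption that LAN hosts use their pfSense box as gateway are constructed for illustration.

```python
import ipaddress

CLIENT_IP = "10.0.7.2"  # constructed address inside the 10.0.7.0/24 tunnel

def build(push_site_b, return_route):
    """Constructed model of the thread's three hops: local prefixes plus (prefix, next hop)."""
    n = {
        "client": {"local": [CLIENT_IP + "/32"],
                   "routes": [("10.0.7.0/24", "siteA"), ("10.10.1.0/24", "siteA"),
                              ("10.0.8.0/24", "siteA")]},  # assumed: 10.0.8.1 was pingable
        "siteA": {"local": ["10.10.1.0/24", "10.0.7.1/32", "10.0.8.1/32"],
                  "routes": [("10.0.7.0/24", "client"), ("10.0.8.0/24", "siteB"),
                             ("10.10.2.0/24", "siteB")]},
        "siteB": {"local": ["10.10.2.0/24", "10.0.8.2/32"],
                  "routes": [("10.0.8.0/24", "siteA"), ("10.10.1.0/24", "siteA")]},
    }
    if push_site_b:   # remote-access server lists the Site B LAN
        n["client"]["routes"].append(("10.10.2.0/24", "siteA"))
    if return_route:  # Site B sends the remote-access tunnel network down the VPN
        n["siteB"]["routes"].append(("10.0.7.0/24", "siteA"))
    return n

def covers(prefixes, ip):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(p) for p in prefixes)

def walk(nodes, start, dst, max_hops=6):
    """Forward dst hop by hop; return (node that owns dst or None, node where it stopped)."""
    node = start
    for _ in range(max_hops):
        if covers(nodes[node]["local"], dst):
            return node, node
        hops = [(ipaddress.ip_network(p).prefixlen, h) for p, h in nodes[node]["routes"]
                if covers([p], dst)]
        if not hops:
            return None, node
        node = max(hops)[1]  # longest-prefix match
    return None, node

def ping(nodes, dst):
    """Trace the echo request from the client, then the reply back to CLIENT_IP."""
    owner, stuck = walk(nodes, "client", dst)
    if owner is None:
        return f"request dropped at {stuck}"
    back, stuck = walk(nodes, owner, CLIENT_IP)
    return "reply received" if back == "client" else f"reply dropped at {stuck}"

if __name__ == "__main__":
    for fixes in [(False, False), (True, False), (True, True)]:
        print(fixes, {d: ping(build(*fixes), d) for d in ("10.0.8.2", "10.10.2.1")})
```

With only the forward route in place, the request reaches Site B but the reply has no route back to 10.0.7.0/24, which matches the failed pings to 10.0.8.2 described in the first post.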

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.