Having problems connecting two OpenVPN-Servers

Hope-IT-Works · Apr 24, 2023, 2:03 PM

Hello and thank you for reading.

We have the problem, that our office is only connected via mobile communications, but a VPN tunnel is required so that the devices in the office can be accessed remotely.

Since the office is only connected via mobile communications, there is no way to open a port.

Accordingly, this VPN tunnel must be tunneled via a separate server in the cloud. For this, I installed pfSense in the cloud with a static IP address.

I created 2 OpenVPN servers:

1. Server to Client

This is the VPN server that users will connect to

2. Site to Site

The pfSense instance in the office connects to this VPN server.

Both VPN tunnels work by themselves. But accessing a device in the office remotely is not yet possible. I adopted the configuration as described here: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-bridged.html

Unfortunately, access to the devices in the office still does not work.

Here is a diagram of the current setup (Image):

I'm grateful to everyone trying to help resolve this issue.

If more information is needed, don't hesitate to request it.

Thank you and greetings from Germany.
Tobias
@Hope-IT-Works

viragomann · Apr 24, 2023, 2:03 PM

@hope-it-works said in Having problems connecting two OpenVPN-Servers:

I adopted the configuration as described here: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-bridged.html

We don't like this mode here in the forum. It results into many troubles and you don't need tap mode to achieve what you intend to.

I recommend to set up a normal remote access server for clients access: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-ra.html#openvpn-remote-access-configuration-example
And a site-to-site for connecting your office: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html#openvpn-site-to-site-configuration-example-with-ssl-tls

If you've configured all properly access from clients should work flawlessly after.
If you have troubles with it come back, you will get help here.

Hope-IT-Works · Apr 25, 2023, 9:53 AM

@viragomann Thanks for your reply. That's what I had configured before. There I couldn't use the same subnet for both VPN servers.

I should mention that we currently don't have a LAN Interface. Is a LAN interface required for this setup?

If yes, could I configure a VLAN with the WAN as the parent interface for this purpose?

Thank you.

viragomann · Apr 25, 2023, 9:53 AM

@hope-it-works said in Having problems connecting two OpenVPN-Servers:

That's what I had configured before. There I couldn't use the same subnet for both VPN servers.

That's correct. But is there any reason for needing both to be within the same layer 2?
For accessing services that's not a requirement at all.

I should mention that we currently don't have a LAN Interface. Is a LAN interface required for this setup?

You only need access to the pfSense GUI to configure it. If you have open the WAN for this purpose, you don't need a LAN interface.