Having problems connecting two OpenVPN-Servers
Hello and thank you for reading.
We have the problem that our office is only connected via mobile communications, but a VPN tunnel is required so that the devices in the office can be accessed remotely.
Since the office is only connected via mobile communications, there is no way to open a port.
Accordingly, this VPN tunnel must be tunneled via a separate server in the cloud. For this, I installed pfSense in the cloud with a static IP address.
I created 2 OpenVPN servers:
1. Server to Client
- This is the VPN server that users will connect to
2. Site to Site
- The pfSense instance in the office connects to this VPN server.
Both VPN tunnels work by themselves. But accessing a device in the office remotely is not yet possible. I adopted the configuration as described here: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-bridged.html
Unfortunately, access to the devices in the office still does not work.
Here is a diagram of the current setup (Image):
I'm grateful to everyone trying to help resolve this issue.
If more information is needed, don't hesitate to request it.
Thank you and greetings from Germany.
Tobias
@hope-it-works said in Having problems connecting two OpenVPN-Servers:
I adopted the configuration as described here: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-bridged.html
We don't like this mode here in the forum. It results in many troubles and you don't need tap mode to achieve what you intend to.
I recommend setting up a normal remote access server for client access: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-ra.html#openvpn-remote-access-configuration-example
And a site-to-site for connecting your office: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html#openvpn-site-to-site-configuration-example-with-ssl-tls
If you've configured everything properly, access from clients should work flawlessly afterwards.
If you have troubles with it, come back; you will get help here.
@viragomann Thanks for your reply. That's what I had configured before. There I couldn't use the same subnet for both VPN servers.
I should mention that we currently don't have a LAN Interface. Is a LAN interface required for this setup?
If yes, could I configure a VLAN with the WAN as the parent interface for this purpose?
Thank you.
@hope-it-works said in Having problems connecting two OpenVPN-Servers:
That's what I had configured before. There I couldn't use the same subnet for both VPN servers.
That's correct. But is there any reason for needing both to be within the same layer 2?
For accessing services that's not a requirement at all.
I should mention that we currently don't have a LAN Interface. Is a LAN interface required for this setup?
You only need access to the pfSense GUI to configure it. If you have opened the WAN for this purpose, you don't need a LAN interface.
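A routed (tun) layout of the kind recommended in this thread, written as raw OpenVPN directives with a separate tunnel subnet per server. This is an added example, not configuration from the thread or from Netgate; every subnet, the directory path and the common name are constructed placeholders.

```conf
# Constructed addressing (assumptions, replace with your own):
#   remote-access tunnel : 10.8.0.0/24
#   site-to-site tunnel  : 10.9.0.0/24
#   office LAN           : 192.168.10.0/24

### Server 1 on the cloud pfSense: remote access (users connect here) ###
# Routed mode; no tap/bridge is needed to reach services.
dev tun
# Tunnel network handed out to users.
server 10.8.0.0 255.255.255.0
# Users learn that the office LAN is reachable through the VPN.
push "route 192.168.10.0 255.255.255.0"

### Server 2 on the cloud pfSense: site-to-site (office pfSense connects here) ###
dev tun
# Must differ from the tunnel network of server 1.
server 10.9.0.0 255.255.255.0
# System route: traffic for the office LAN is sent into this tunnel.
route 192.168.10.0 255.255.255.0
# The office learns the return path to the remote-access users.
push "route 10.8.0.0 255.255.255.0"
# Directory with per-client files (placeholder path).
client-config-dir /path/to/ccd

### Per-client file for the office, named after its certificate CN ###
### e.g. /path/to/ccd/office-pfsense (hypothetical name) ###
# Tells server 2 which connected client owns the office LAN.
iroute 192.168.10.0 255.255.255.0
```

In the pfSense GUI these directives correspond to the IPv4 Tunnel Network, IPv4 Local network(s) and IPv4 Remote network(s) fields plus a Client Specific Override for the office certificate. Firewall rules on the OpenVPN interfaces at both ends still have to permit the traffic.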