Site to Site VPN with multiple locations via one vpn server
-
I would like to have multiple locations connect to an OpenVPN server active within pfSense. Each location will be assigned a fixed ip address via a client specific override and through the OpenVPN server the routes pushed to the clients. Within pfSense I create gateways for all the remote locations so that I can then create static routes for the networks active at the different locations. However, I cannot get it to send traffic to and from the remote locations. I see in the state table in and captures that the traffic is going through the appropriate vpn interface to the location, but I don't see the traffic coming in at the other location. The same thing happens the other way around. All clients can reach the gateway of the OpenVPN server within pfSense and vice versa as well. Only routing the traffic from the underlying subnets does not seem to work. I am using OpenVPN in remote access server mode so that I can have multiple locations connected based on username and a strong password. Could it possibly be that routing is not possible in remote access server mode, but only in peer to peer mode? Or is there something I am overlooking?
-
@tieskekiggen said in Site to Site VPN with multiple locations via one vpn server:
Within pfSense I create gateways for all the remote locations so that I can then create static routes for the networks active at the different locations.
Could it possibly be that routing is not possible in remote access server mode
Not this way. You cannot use static routes, hence creating gateways is useless.
The routing is done inside OpenVPN according to the remote networks stated in the CSOs.
Did you enter the remote networks in the CSOs properly?
If yes, check if the CSOs are even applied, when the clients are connecting.
-
@viragomann Yes, the routes are properly pushed to the client routers. And normal mobile clients via the OpenVPN app work fine. For other peer to peer tunnels, we also use static routes/bgp to send data over the VPN and that does work properly. Because of that, I thought it might also be possible for remote access mode servers, so I can bundle the smaller sites on one server.
-
@tieskekiggen
I wasn't talking about routes on the clients, but the routing inside OpenVPN (iroute).
You can not see this in the routing table. The only way to verify is to check the server log. However, enhance the log level to 4 before, then reconnect a client.
-
@viragomann Sorry there was some confusion on my end. The abbreviation CSO was not clear to me, but after some further searching it became clear and I added the route to the remote networks tab for the subnets on the client side. Thanks for your help, it works now!
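As an added example, not code from this thread or from pfSense: a small Python check over an OpenVPN server config and its CSO (client-config-dir) files, illustrating the two layers viragomann refers to. A server-level `route` is what makes the kernel hand packets for a remote LAN to the tun interface at all; the per-client `iroute` (what the CSO "Remote Networks" field generates) tells OpenVPN which connected client owns that LAN, and it never shows up in the system routing table. The configs, subnets and site names below are constructed.

```python
import ipaddress
import re

# Constructed sample: a server config plus two CSO files, shaped like what
# pfSense writes out. siteB's CSO has an iroute with no matching server route.
SERVER_CONF = """
server 10.8.0.0 255.255.255.0
topology subnet
client-config-dir ccd
route 10.10.0.0 255.255.255.0
"""
CCD = {
    "siteA": "ifconfig-push 10.8.0.10 255.255.255.0\niroute 10.10.0.0 255.255.255.0\n",
    "siteB": "ifconfig-push 10.8.0.11 255.255.255.0\niroute 10.20.0.0 255.255.255.0\n",
}


def _nets(text, keyword):
    """Collect '<keyword> <network> <netmask>' lines as ip_network objects."""
    nets = []
    for m in re.finditer(rf"^\s*{keyword}\s+(\S+)\s+(\S+)", text, re.M):
        nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return nets


def check_iroutes(server_conf, ccd):
    """Return a list of problems found in the server/CSO routing setup.

    Each client iroute needs a matching kernel-level 'route' in the server
    config, otherwise traffic for that LAN never enters the tunnel, and
    a network may only be claimed by one client, otherwise the internal
    routing is ambiguous.
    """
    problems = []
    kernel_routes = set(_nets(server_conf, "route"))
    claimed = {}
    for name, body in ccd.items():
        iroutes = _nets(body, "iroute")
        if not iroutes:
            problems.append(f"{name}: no iroute, its LAN is unreachable through the server")
        for net in iroutes:
            if net not in kernel_routes:
                problems.append(f"{name}: iroute {net} has no 'route' in server config")
            if net in claimed:
                problems.append(f"{name}: iroute {net} already claimed by {claimed[net]}")
            claimed[net] = name
    return problems


if __name__ == "__main__":
    for line in check_iroutes(SERVER_CONF, CCD) or ["no problems found"]:
        print(line)
```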