Netgate Discussion Forum

    Routing for Multi-Hop VPNs help?

      DaHai8

      Not sure where else to go - except down this rabbit hole...

      I am trying to set up where I can VPN Client into my home network VPN Server and have that forwarded to my home network VPN Client that is connected to a remote VPN server. Make sense?
      A Multi-Hop VPN configuration.

      I have a pfSense 4 port router.

      On port 4 is subnet 192.168.3.0/24
      It has a VPN Client (ClientA) on 192.168.3.3 and it is set as the Gateway for that subnet.
      If it receives destination ip address for any of the local subnets, it forwards them to the pfSense router ip:
      192.168.2.0/24 via 192.168.3.1 dev eth0 proto static
      192.168.1.0/24 via 192.168.3.1 dev eth0 proto static
      Any other ip addresses are forwarded to the VPN server (ServerA)
      This all works properly.

      I am trying to add a VPN server (ServerB) at 192.168.3.4 with gateway of 192.168.3.3.
      I wish to use a remote VPN Client (ClientB) to connect to ServerB and then forward on the packets to ClientA, which sends local network packets to the router and all others to remote ServerA.
      I've opened ports via the NAT page to forward the ClientB connection to ServerB.
      And I've added a port rule for the ClientB ip address to go straight to the pfSense Router and not ClientA (hoping this sends return packets back to ClientB)
      132.32.54.8 via 192.168.3.1 dev eth0 proto static

      But all this does not seem to work. It does not connect to ServerB - probably because the return packets are going 'elsewhere'.

      I tried moving ServerB to a different subnet (192.168.2.0/24) and I can connect with ClientB and access my home network, but I don't know how to route packets from ServerB across the subnets to ClientA.

      These are all my own VPN Clients and Servers so I can change their configurations at any time as needed. It is not possible to connect ClientB directly to ServerA, and I do not wish to explain why.

      Please let me know if you need more info or have any ideas what to check or where to go for self-help.

      Thank you!

        viragomann @DaHai8

        @DaHai8 said in Routing for Multi-Hop VPNs help?:

        I am trying to set up where I can VPN Client into my home network VPN Server and have that forwarded to my home network VPN Client that is connected to a remote VPN server. Make sense?

        In some specific cases, maybe.

        What's the sense of running multiple routers and VPN servers and clients on different devices?
        It might be easier to set up all these on pfSense.

          DaHai8

          So I moved ServerB back to 192.168.3.4, the same subnet as ClientA (192.168.3.3).

          And I changed the default gateway on ServerB to be the pfSense Router (192.168.3.1) instead of the default gateway ClientA.
          And that worked...at least I could connect to ServerB from ClientB.
          But of course, it did not forward any packets to ClientA and onto ServerB.

          So now I'm just trying to figure out how to do that...

            DaHai8 @DaHai8

            @DaHai8
            Works! Just had to find the correct client ip address to create a routing exception in ServerB!
            Woohoo!

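The routing exception mentioned in the last post can be checked as a longest-prefix-match lookup on ServerB. This is an added example, not configuration from the thread: the route tables are constructed, 132.32.54.8 is the address from the first post's static route (the thread does not say which address finally worked), 198.51.100.7 is a documentation address standing in for "any other destination", and `next_hop` and `reply_is_symmetric` are hypothetical helper names.

```python
import ipaddress

ROUTER = "192.168.3.1"    # pfSense, port-forwards ClientB's connection to ServerB
CLIENT_A = "192.168.3.3"  # VPN client, default gateway of 192.168.3.0/24
CLIENT_B = "132.32.54.8"  # sample public address from the first post's static route
OTHER_DST = "198.51.100.7"  # constructed: any destination that should go multi-hop


def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific route that covers dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(prefix), gw) for prefix, gw in routes
            if addr in ipaddress.ip_network(prefix)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def reply_is_symmetric(routes, peer, ingress_gw=ROUTER):
    """True when replies to peer leave via the gateway the connection came in on."""
    return next_hop(routes, peer) == ingress_gw


# ServerB (192.168.3.4) routing tables, constructed for illustration.
DEFAULT_VIA_CLIENT_A = [
    ("192.168.3.0/24", "on-link"),
    ("0.0.0.0/0", CLIENT_A),           # everything, replies to ClientB included
]
WRONG_EXCEPTION = DEFAULT_VIA_CLIENT_A + [("132.32.54.9/32", ROUTER)]  # wrong host
WITH_EXCEPTION = DEFAULT_VIA_CLIENT_A + [(CLIENT_B + "/32", ROUTER)]   # correct host


def report():
    """(table name, hop for replies to ClientB, hop for other traffic, symmetric?)"""
    tables = [("default via ClientA", DEFAULT_VIA_CLIENT_A),
              ("exception for wrong address", WRONG_EXCEPTION),
              ("exception for ClientB", WITH_EXCEPTION)]
    return [(name, next_hop(t, CLIENT_B), next_hop(t, OTHER_DST),
             reply_is_symmetric(t, CLIENT_B)) for name, t in tables]


if __name__ == "__main__":
    for row in report():
        print(row)
```

Only the table with a /32 route for the exact ClientB address sends replies back through the router that forwarded the connection, while all other destinations still follow the default route to ClientA.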
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.