Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How can I configure our pfSense firewalls to allow Server B, located on a client network connected through a tunnel to our primary firewall, to connect to Server A, which is hosted in our remote office connected via a site-to-site VPN?

    Scheduled Pinned Locked Moved
    IPsec
    2
    6
    107
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      aneeshksurendran9007
      last edited by

      Our company is using Primary Pfsense firewall and a other pfsense for remote office. The remote office pfsense are connected to the primary pfsense by site to site. also the client network are connected using tunnel from the primary firewall. Now the client side Server B want to make connection to Server A that is hosted in our remote office. so how can i resolve this issue & and where i have to write rules. Untitled Diagram.jpg

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @aneeshksurendran9007
        last edited by

        @aneeshksurendran9007 said in How can I configure our pfSense firewalls to allow Server B, located on a client network connected through a tunnel to our primary firewall, to connect to Server A, which is hosted in our remote office connected via a site-to-site VPN?:

        also the client network are connected using tunnel from the primary firewall.

        Which tunnel?? IPSec as well?

        Policy-based IPSec or routed?

        A 1 Reply Last reply Reply Quote 0
        • A
          aneeshksurendran9007 @viragomann
          last edited by aneeshksurendran9007

          @viragomann We are using IPsec tunnels to make connection from primary pfsense to client side. Using openvpn client we can connect to the client side. but the issue is that server from the client side want to connect our remote site server .

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @aneeshksurendran9007
            last edited by

            @aneeshksurendran9007
            You need to configure both VPNs in play for proper routing the traffic. Hence both are relevant.

            So in the IPSec you have to add an additional phase 2 on both sites to connect the OpenVPN tunnel network with server A.
            Means, on the pimary:
            local: network > OpenVPN tunnel network
            remote: server A IP

            On the remote:
            local: server A IP
            remote: OpenVPN tunnel network

            In the OpenVPN access server settings, in case you haven't "redirect gateway" enabled, you have to add server A IP to the local networks with a /32 mask to push the routes to the clients.

            A 1 Reply Last reply Reply Quote 1
            • A
              aneeshksurendran9007 @viragomann
              last edited by

              @viragomann you are saying that we need to create another tunnel in remote office firewall? we all ready created P1 & p2 tunnel in main firewall . my question is that if i write rule in remote office firewall, the client server can access the server in site B

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @aneeshksurendran9007
                last edited by

                @aneeshksurendran9007
                If your current phase 2 doesn't cover the OpenVPN tunnel network, you need a second one.
                IPSec phase 2 must always be added to both sites.

                You can circumvent this, however, by natting the VPN clients access to an unused IP of the existing p2 at the main office.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post