Site 2 site vpn question



  • Hello,

    Can someone please explain to me how to set up a bidirectional ovpn-tunnel
    between two pfSense walls?

    I have office1 running pfSense and office2 running it.
    Do I have to configure only one tunnel from office1
    to office2 (office1=client, office2=server) to get
    it to work in both directions, or do I have to set up
    client and server VPN on both sites?

    Is there some documentation for site 2 site OpenVPN?

    Many thanks





  • Well, I read that, but it doesn't seem to focus on site 2 site. I don't want bridging.
    Please -v



  • OK, I read it 10 times now, I really don't see anything about site to site
    in there.

    Can somebody please tell me in a few short words what I have
    to do to configure a tunnel that works in both directions?

    I have created a tunnel as described in the doc, and I entered
    the remote network for site 2 site VPN, but I can only connect
    from office1 (ovpn configured as client) to office2 (ovpn configured
    as server)…



  • If you have pfSense on both ends, I'd recommend setting up IPSec. It is amazingly easy and quick to set up. There is plenty of documentation on the site regarding a site to site (router to router) IPSec VPN. I currently use pfSense between my house, my friend's house and our colocation center with an IPSec VPN flawlessly (aside from some virtual IP issues: http://forum.pfsense.org/index.php/topic,2361.0.html).
    Good luck



  • OpenVPN IPsecs are nothing more than a tun/tap (in this case, tun) interface linking both endpoints together. All OpenVPN does is to create the tunnel and then (optionally) set routes to emulate a local network. Therefore, OpenVPN is essentially site-to-site friendly.

    If you can't access from A to B, you are not filling the "Remote network" fields correctly. Check your config.
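
An added example (not part of the thread and not pfSense code): a small Python check of the condition the post above describes, that each end's "Remote network" must cover the other end's LAN. The dictionary keys and the office addresses are constructed for illustration.

```python
import ipaddress

def check_site_to_site(a, b):
    """Return a list of routing problems between two tunnel endpoints.

    Each endpoint is a dict with hypothetical keys: name, lan (its own LAN)
    and remote_network (the network it routes into the tunnel).
    """
    problems = []
    for local, peer in ((a, b), (b, a)):
        lan = ipaddress.ip_network(local["lan"])
        peer_lan = ipaddress.ip_network(peer["lan"])
        if not local.get("remote_network"):
            problems.append(f"{local['name']}: no remote network set, "
                            f"so it has no route to {peer_lan}")
            continue
        # strict=False tolerates a host address typed with a prefix length
        remote = ipaddress.ip_network(local["remote_network"], strict=False)
        if not peer_lan.subnet_of(remote):
            problems.append(f"{local['name']}: remote network {remote} "
                            f"does not cover peer LAN {peer_lan}")
        if remote.overlaps(lan):
            problems.append(f"{local['name']}: remote network {remote} "
                            f"overlaps its own LAN {lan}")
    if ipaddress.ip_network(a["lan"]).overlaps(ipaddress.ip_network(b["lan"])):
        problems.append("the two LANs overlap, so routing between them is ambiguous")
    return problems

# Constructed sample data: office1 is the client, office2 the server.
OFFICE1 = {"name": "office1", "lan": "192.168.1.0/24",
           "remote_network": "192.168.2.0/24"}
# Server side left without a remote network: traffic works in one direction only.
OFFICE2_BROKEN = {"name": "office2", "lan": "192.168.2.0/24",
                  "remote_network": ""}
OFFICE2_FIXED = {"name": "office2", "lan": "192.168.2.0/24",
                 "remote_network": "192.168.1.0/24"}

if __name__ == "__main__":
    for label, server in (("broken", OFFICE2_BROKEN), ("fixed", OFFICE2_FIXED)):
        found = check_site_to_site(OFFICE1, server)
        print(label, "->", found if found else "routes are symmetric")
```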



  • I run a point to point OpenVPN between two pfSense boxes. What do you need to know? :)



  • The site 2 site is very simple to set up (with the PDF document)… but is it also possible to connect 3 pfSense client machines to one openvpnserver-pfsensemachine and route the networks behind the 3 pfSense machines? (I don't want to open too many external (firewall) ports.)

    PC1                  PC2
     |                    |
    NETWORK1             NETWORK2             NETWORK3
     |                    |                    |
    OPENVPNCLIENT1       OPENVPNCLIENT2       OPENVPNCLIENT3
     |                    |                    |
    PFSENSE1             PFSENSE2             PFSENSE3
     |                    |                    |
    ---------------------------------------------------
                          |
                     OPENVPNSERVER
                       PFSENSE4
                          |
                         PC3

    So that PC2 can ping PC1 and PC3, PC3 can ping PC2 and PC1, and PC1 can ping PC2 and PC3.

