Site 2 site vpn question
-
hello,
can someone please explain to me how to set up a bidirectional ovpn-tunnel
between two pfsense walls? I have office1 running pfsense and office2 running it.
Do I have to configure only one tunnel from office1
to office2 (office1=client, office2=server) to get
it to work in both directions, or do I have to set up
client and server vpn on both sites? Is there some documentation for site 2 site OpenVPN?
many thanks
-
http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense
-
well, I read that, but it doesn't seem to focus on site 2 site. I don't want bridging.
Please -v
-
ok, I read it 10 times now, I really don't see anything about site to site
in there. Can somebody please tell me in a few short words what I have
to do to configure a tunnel that works in both directions? I have created a tunnel as described in the doc, and I entered
the remote network for site 2 site vpn, but I can only connect
from office1 (ovpn configured as client) to office2 (ovpn configured
as server)…
-
If you have pfSense on both ends, I'd recommend setting up IPSec. It is amazingly easy and quick to set up. There is plenty of documentation on the site regarding a site to site (router to router) IPSec VPN. I currently use pfSense between my house, my friend's house and our colocation center with an IPSec VPN flawlessly (aside from some virtual ip issues: http://forum.pfsense.org/index.php/topic,2361.0.html).
Good luck
-
OpenVPN IPsecs are nothing more than a tun/tap (in this case, tun) interface linking both endpoints together. All OpenVPN does is to create the tunnel and then (optionally) set routes to emulate a local network. Therefore, OpenVPN is essentially site-to-site friendly.
If you can't access from A to B, you are not filling the "Remote network" fields correctly. Check your config.
-
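An added example, not part of any post in this thread: a small Python check of the "Remote network" values discussed above for a routed two-site tunnel. The addresses, dictionary keys and function name are constructed for illustration; it assumes each box has its own LAN and a separate tunnel network.

```python
import ipaddress

def check_site_to_site(a, b, tunnel):
    """List problems in a routed (tun) two-site setup.

    a, b: dicts with 'name', 'lan' (that site's LAN) and 'remote'
    (what was typed into that box's "Remote network" field, or None).
    """
    net = lambda s: ipaddress.ip_network(s, strict=False)
    lan_a, lan_b, tun = net(a["lan"]), net(b["lan"]), net(tunnel)
    problems = []

    # Overlapping address space makes routing ambiguous on both boxes.
    if lan_a.overlaps(lan_b):
        problems.append(f"LANs overlap: {lan_a} and {lan_b}")
    for site, lan in ((a, lan_a), (b, lan_b)):
        if tun.overlaps(lan):
            problems.append(f"tunnel {tun} overlaps {site['name']} LAN {lan}")

    # Each end needs a route to the other end's LAN; without it,
    # traffic for that LAN is not sent into the tunnel.
    for local, peer, peer_lan in ((a, b, lan_b), (b, a, lan_a)):
        if not local["remote"]:
            problems.append(
                f"{local['name']}: no route to {peer['name']} LAN {peer_lan}")
        elif net(local["remote"]) != peer_lan:
            problems.append(
                f"{local['name']}: Remote network {net(local['remote'])} "
                f"is not {peer['name']} LAN {peer_lan}")
    return problems

# Constructed sample: only the client end has the field filled in.
OFFICE1 = {"name": "office1", "lan": "192.168.1.0/24",
           "remote": "192.168.2.0/24"}
OFFICE2 = {"name": "office2", "lan": "192.168.2.0/24", "remote": None}
TUNNEL = "10.0.8.0/24"

if __name__ == "__main__":
    for line in check_site_to_site(OFFICE1, OFFICE2, TUNNEL):
        print(line)
```
-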
I run a point to point OpenVPN between two pfsense boxes, what do you need to know? :)
-
The site 2 site is very simple to set up (with the pdf document)… but is it also possible to connect 3 pfsense client machines to one openvpnserver-pfsensemachine and route the networks behind the 3 pfsense machines? (I don't want to open too many external (firewall) ports.)
PC1 PC2
| |
NETWORK1 NETWORK2 NETWORK3
| | |
OPENVPNCLIENT1 OPENVPNCLIENT2 OPENVPNCLIENT3
| | |
PFSENSE1 PFSENSE2 PFSENSE3
| | |
---------------------------------------------------------------------
|
OPENVPNSERVER
PFSENSE4
|
PC3
So that PC2 can ping PC1 and PC3, and PC3 can ping PC2 and PC1, and PC1 can ping PC2 and PC3.