From roadwarrios to vpn site to site

OpenVPN
Log in to reply
  • M

    Hi guys,

    must implement that rule in the firewall to reach the VPN SITE TO SITE Roadwarriors connecting from?

    Thanks

    M.F.

    0
  • Cry Havok

    Can you try re-wording your question to make it clearer what you're asking please. It would help to know what version of pfSense you're talking about.

    0
  • M

    ok :) I use the pfsense 1.2.3
    i have to connect to roadwarrios on the vpn site to site is it possible ?

    0
  • Cry Havok

    I don't believe so, but it is simple to create another VPN just for those roadwarriors.

    0
  • X

    I agree with Cry Havok.
    I have not figured out how to do so with PSK, I am working on moving to PKI and if I figure out a way I will let you know.

    0
  • M

    Hi all,

    i have two Openvpn Server

    one is Site to Site Vpn
    two Roadwarriors  Vpn Connection

    I would like to connect to site to site vpn from roadwarriors vpn

    Could you help me ?

    0
  • Cry Havok

    That's just a routing issue - you have to ensure that all devices (or at least their default gateways, the routers) know how to reach all the IP ranges you're using.

    That's easier if your OpenVPN servers are also the default gateways for their networks. If they aren't then ensure that all the default gateways, on both the local and remote networks, know how to route to your Roadwarrior IP range. You'll also want to ensure that the Roadwarriors have the OpenVPN server pushed as their default gateway or have appropriate static routes pushed.

    For anything more precise you'll need to provide a diagram of your networks, how they are connected and what IP ranges you're using.

    0
  • M

    i have attached the screenshot.

    the my vpn roadwarriors not ping vpn site to site






    0
  • Cry Havok

    @Cry:

    For anything more precise you'll need to provide a diagram of your networks, how they are connected and what IP ranges you're using.

    0
  • X

    you will also want to remove your actual public IPs/FQDNs from your examples above.

    0
  • M

    On one pfSense box I have the following OpenVPN configurations:

    As a server for Road Warriors
    Dynamic IP: yes
    Address pool: 10.99.254.0/24
    Local network: 192.168.100.0/24
    Client-to-client VPN: yes
    Cryptography: BF-CBC (128-bit)
    Authentication method: PKI
    CA cert
    Server cert
    Server key
    DH parameters
    TLS
    LZO compression: yes

    As server for Site-To-Site OpenVPN
    Address pool: 10.11.12.0/24
    Remote network: 192.168.200.0/24
    Cryptography: BF-CBC (128-bit)
    Authentication method: Shared key
    Shared key cert
    LZO compression: yes

    My routing issue is:
    From Site 1 I can reach hosts on Site 2 and vice versa.
    From Road Warrior I can reach hosts on Site 1.
    I want to be able to reach hosts in Site 2 from Road Warrior.

    Could you help me ?

    0
  • Cry Havok

    It would be much, much, easier to help you if you'd provide the information we ask for.

    I'm guessing that Site 2 doesn't know how to route to the Road Warrior LAN.

    0
  • M

    Yes :) Roadwarriors don't ping site 2

    0
  • Cry Havok

    I'll say it slightly differently - have you configured the routers at Site 2 so that they know how to route to the Road Warrior subnet? They'll need a static route for 10.99.254.0/24 with a route through the Site 2 OpenVPN server's LAN IP.

    0
  • J

    I was told this arrangement isn't possible to have OpenVPN clients to one LAN have their traffic pass through another OpenVPN to another LAN… so I just setup more OpenVPN clients and servers.... it would be nice if each site could only need 1 OpenVPN...but I never got that working!

    0
  • GruensFroeschli

    That's not actually true.
    I have this exact setup working.

    It's really a matter of setting up static routes on every router involved, so every devices know where to send traffic to.

    0
  • Cry Havok

    It is perfectly possible - I've done it and I know some folks who have an intra-site VPN that they use daily without problems.

    As GruensFroeschli said, it's just a matter of getting the routes right.

    0
  • J

    I don't follow. The site to site openvpn comes up and the routes are setup. I have a client-to-site VPN on the same pfsense and I ass the correct push route statement to the openvpn configuration.

    Client VPN traffic goes from openvpn to pfsense first hop, but then no further.

    How could I add a route for this?

    0
  • GruensFroeschli

    The other side of the site-to-site knows nothing about the roadwarrior subnet.
    –>you need a static route to make the roadwarriors known.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy