OPENVPN, 2 site to sites, road warrior, common visibility help?

argint

Hi Pfsensers, firstly - awesome product, what can I say. I did my research before we replaced silly units with this puppy in our main office and 2 branch offices and Im more than happy - well done!

I would like some guidance if anyone could spare a few moments. I have purchased the book, ive tried google and looked in forums….but in reality im not an expert in routing or networking. What I know I know and Ive learned a lot implementing our current system and ive tried to follow standard practices. So Im not being lazy here, just need some (hopefully) advice - spare me a dime, buddies??

Our setup:

We have (IPs not well chosen in early days, i realise we could have conflicts for road warriors due to subnets, but we cant change it over nite as you will appreciate, ):

Main office: 192.168.2.1
Branch Office 1: 192.168.3.1
Branch office 2: 192.168.4.1

We have 3 open vpn servers in pfsense on main office: shared key, site to site, openvpn to both branch offices, plus one road warrior client

We have (presently, me) one roadwarrior (PKI) client running in to another server in main office.

So - I can 'see' the main office subnet from road warrior client.

I cant 'see' the other 2 branch office subnets from roadwarrior

Now, I know this is about routes being configured, i have seen some info here, i think i need to push routes to the client, and pull from the client, or use iroute?

The issue is, ive struggled to find a good example of doing this the best way, or recommended way, and what settings I need to consider, or extra firewall rules.

Basically id like to monitor main office, and 2 branch offices from my road warrior.

Ive came a long way with pfsense, could any generous spirit help me up the next rung of the ladder?

Ill blush if its in the book, as its at work and Im at home with a fractured ankle!

Many thanks in advance..

Argint.