OpenVPN connect multiple sites together.



  • I have successfully tested OpenVPN connectivity from one site to another using shared key method using pfSense 2.0. My next step is to connect four sites together. One site is the main office and the other three are satellite offices. I want them to have their own subnets but connect together as if they are on one network (just as the single site-to-site setup does). If I configure the main office to be the server, and then set up three VPN tunnels from that server - one for each remote office, on its own port - will that connect them all? Or will that just create three isolated connections? I'm still in the planning stages for the most part, so I want to come up with a good strategy for connecting all four sites and would appreciate any thoughts on the matter. Thanks!


  • Rebel Alliance Developer Netgate

    It will make three isolated connections, but connecting them is as easy as adding route statements to the client config for each site for the networks at the other locations.

    So if you have Main Office A, and remote sites B, C, D, and E, you'd have custom options in the client config like:

    Site B:
    route c.c.c.c 255.255.255.0; route d.d.d.d 255.255.255.0; route e.e.e.e 255.255.255.0;

    Site C:
    route b.b.b.b 255.255.255.0; route d.d.d.d 255.255.255.0; route e.e.e.e 255.255.255.0;

    Site D:
    route b.b.b.b 255.255.255.0; route c.c.c.c 255.255.255.0; route e.e.e.e 255.255.255.0;

    Site E:
    route b.b.b.b 255.255.255.0; route c.c.c.c 255.255.255.0; route d.d.d.d 255.255.255.0;

    Substituting their real IPs of course.

    IMO when you get to around 4+ connections, using a site-to-site PKI setup with route/iroutes is the way to go as you can push all of the necessary config to the clients centrally. See here: http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_(SSL)
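
The per-site route lists in the reply above can be generated rather than typed by hand. This is an added example, not part of the original post or of pfSense: the function names and the 10.0.x.0/24 subnets are constructed, and it assumes the hub LAN is already routed by each tunnel's own site-to-site settings. It goes slightly beyond the post by accepting any prefix length and by rejecting overlapping or mistyped subnets, which would otherwise produce routes that silently send traffic to the wrong site.

```python
"""Generate per-site OpenVPN 'route' custom options for a hub-and-spoke VPN."""
import ipaddress
from itertools import combinations


def parse_sites(sites):
    """Parse {name: CIDR}; reject host bits set (typos) and overlapping LANs."""
    # ip_network() is strict by default: "10.0.1.5/24" raises ValueError.
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            raise ValueError(f"site {a} ({net_a}) overlaps site {b} ({net_b})")
    return nets


def spoke_custom_options(hub, sites):
    """Return {spoke: options line} with a route to every *other* spoke.

    The hub LAN is left out (assumption: the tunnel's own remote-network
    setting already covers it), so only LANs reached through the hub appear.
    """
    nets = parse_sites(sites)
    if hub not in nets:
        raise ValueError(f"hub {hub!r} is not in the site list")
    options = {}
    for spoke in nets:
        if spoke == hub:
            continue
        routes = [
            f"route {net.network_address} {net.netmask};"
            for name, net in nets.items()
            if name not in (hub, spoke)
        ]
        options[spoke] = " ".join(routes)
    return options


# Constructed sample: main office A plus remote sites B-E, as in the post.
SAMPLE_SITES = {
    "A": "10.0.0.0/24",
    "B": "10.0.1.0/24",
    "C": "10.0.2.0/24",
    "D": "10.0.3.0/24",
    "E": "10.0.4.0/24",
}

if __name__ == "__main__":
    for site, line in spoke_custom_options("A", SAMPLE_SITES).items():
        print(f"Site {site}:\n{line}\n")
```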



  • Got it. Makes sense. Thanks again jimp!

