Netgate Discussion Forum

    OpenVPN connect multiple sites together.

      keystonetech last edited by

      I have successfully tested OpenVPN connectivity from one site to another using the shared key method using pfSense 2.0. My next step is to connect four sites together. One site is the main office and the other three are satellite offices. I want them to have their own subnets but connect together as if they are on one network (just as the single site-to-site setup does). If I configure the main office to be the server, and then set up three VPN tunnels from that server - one for each remote office, on its own port - will that connect them all? Or will that just create three isolated connections? I'm still in the planning stages for the most part, so I want to come up with a good strategy for connecting all four sites and would appreciate any thoughts on the matter. Thanks!

        jimp Rebel Alliance Developer Netgate last edited by

        It will make three isolated connections, but connecting them is as easy as adding route statements to the client config for each site for the networks at the other locations.

        So if you have Main Office A, and remote sites B, C, D, and E, you'd have custom options in the client config like:

        Site B:
        route c.c.c.c 255.255.255.0; route d.d.d.d 255.255.255.0; route e.e.e.e 255.255.255.0;

        Site C:
        route b.b.b.b 255.255.255.0; route d.d.d.d 255.255.255.0; route e.e.e.e 255.255.255.0;

        Site D:
        route b.b.b.b 255.255.255.0; route c.c.c.c 255.255.255.0; route e.e.e.e 255.255.255.0;

        Site E:
        route b.b.b.b 255.255.255.0; route c.c.c.c 255.255.255.0; route d.d.d.d 255.255.255.0;

        Substituting their real IPs of course.

        IMO when you get to around 4+ connections, using a site-to-site PKI setup with route/iroutes is the way to go as you can push all of the necessary config to the clients centrally. See here: http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_(SSL)


        1 Reply Last reply Reply Quote 0
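The per-site route lists in the reply above can be generated from one addressing plan, which also catches overlapping or mistyped subnets before they are pasted into each client's custom options. This is an added example, not code from the thread or from pfSense; the site subnets are constructed sample values, IPv4 is assumed, and the main office network is left out of the route lists as it is in the reply.

```python
import ipaddress

# Constructed sample addressing plan (not from the thread): remote sites B-E.
SITES = {
    "B": "10.0.2.0/24",
    "C": "10.0.3.0/24",
    "D": "10.0.4.0/24",
    "E": "10.0.5.0/24",
}


def parse_sites(sites):
    """Parse each site LAN and reject plans that cannot be routed cleanly."""
    # strict=True raises ValueError on host bits, e.g. "10.0.2.1/24".
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in sites.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # Two sites sharing address space would make routes ambiguous.
            if nets[a].overlaps(nets[b]):
                raise ValueError(
                    f"site {a} ({nets[a]}) overlaps site {b} ({nets[b]})")
    return nets


def client_routes(sites):
    """Return {site: custom options string} routing to every other remote site."""
    nets = parse_sites(sites)
    options = {}
    for name in sorted(nets):
        routes = [f"route {net.network_address} {net.netmask};"
                  for other, net in sorted(nets.items()) if other != name]
        options[name] = " ".join(routes)
    return options


if __name__ == "__main__":
    for site, opts in client_routes(SITES).items():
        print(f"Site {site}:\n{opts}\n")
```
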
          keystonetech last edited by

          Got it. Makes sense. Thanks again jimp!
