Using pfsense as an openvpn server
-
ok, i've got sort of a strange setup… i'm just learning the ins and outs of pfsense and plan to implement it in my whole organization, but for right now we're using untangle... i don't like untangle's limitation with thier openvpn implementation, namely the hub-and-spoke only type vpns, but, as there are already several connections made now with untangle, for the time being it needs to stay in place as my router for (let's give as an example, offices A, B, and C)
so offices A, B, and C, are connected via untangle in a hub and spoke fashion (office A is hub), but i have ~20 satellite offices that i would like to connect to office B, from there i would like it so that those 20 satellite offices can access resources on office Bs network, as well as maybe a few things on office A's....
so the plan would be to load up a VM with pfsense on it and a single nic behind my untangle router at office B, on a non-standard openvpn port (which i would forward through untangle)... connect those 20 sattelite offices (which all have unique IP address schemes already) and have all of the routing work as mentioned...
those 20 offices would be connected by smaller/simpler/cheaper devices, for example a tomato firmware based VPN router (with openvpn) or a mikrotik or dd-wrt router)
i've read several guides on how to connect pfsense to those types of devices, but never in the configuration i need (pfsense NOT as a routing device) so i can't quite wrap my head around how i'd need to set up the routes
it irritates me that i can't use pfsense as a router because i know it is an amazing router, but at the same time it seems to have one of the best interfaces for openvpn out there... plus as all of my sattelite offices are technically on thier own networks, i do technically need that server to do a bit of routing
any help? or suggestions?
the company is a nonprofit, so i'm obviously trying to leverage free software and resources to accomplish this
appreciate all of your help in advance, thanks
EDIT: i would also like all internet traffic on those devices in satellite offices to go straight to the internet, only local traffic i want passing through the VPN...