Pfsense 2.0 site-to-site with multiple clients [SOLVED]



  • I have a partial working site-to-site.

    Global Settings:
         p2p Shared Key
         UDP
         tun
         compression

    Server:
         Tunnel Network: 10.0.8.0/24
         Local Network: 10.1.1.0/24
         Remote Network: 192.168.1.0/24
         pfsense LAN IP: 10.1.1.1

    Client1
         Tunnel Network: 10.0.8.0/24
         Remote Network: 10.1.1.0/24
         pfsense LAN IP: 192.168.1.1

    This is working As is - But I want to add another client


    Client2
         Tunnel Network: 10.0.8.0/24
         Remote Network: 10.1.1.0/24
         pfsense LAN IP: 192.168.2.1

    Adding the client2 breaks the system.
    Problem 1: Both clients get the same virtual IP in each respective status page (10.0.8.2)
    Problem 2: Server only sees 1 client
    Problem 3: Everything works between Server and Client1 when Client2 is down and everything works between Server and Client2 when Client1 is down.

    I'm guessing I have to assign static IPs to each client with `ifconfig 10.8.0.X 255.255.255.0` and add the next route on each client:
    ```
    route 192.168.2.0 255.255.255.0
    ```

    What am I missing?


  • The solution to this problem is to have multiple site-to-site VPNs. You can have a site-to-site between two nodes, but adding clients will cause issues. For inter-connectivity 2 VPN servers and 3 clients are required. This makes a mesh network.
    Below is a diagram that outlines the solution. Adding a fourth client to the equation makes this even more complicated if inter-connectivity is required.

    If anyone would like to comment on this solution please do so!
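    The layout from the answer above, written out as raw OpenVPN configuration. This is an added example, not configuration taken from the original thread or generated by pfSense: it shows the hub site (10.1.1.0/24) running two separate shared-key point-to-point instances, one per remote site, each on its own port and its own tunnel subnet, which is what a single instance cannot do (a shared-key tunnel has exactly one peer, which is why both clients in the question were handed the same 10.0.8.2 endpoint). The hostname `hub-a.example.com`, the secret file paths and the /30 tunnel subnets are assumptions; the LAN subnets are the ones from the thread. Sites B and C reach each other through the hub via the extra `route` lines; a direct B-to-C tunnel would be a third instance built the same way.

```conf
# file: hub-A-instance1.conf  (site A, LAN 10.1.1.0/24, peer = site B)
# pfSense GUI equivalent: Server, Peer to Peer (Shared Key), port 1194,
# Tunnel Network 10.0.8.0/30, Local Network 10.1.1.0/24, Remote Network 192.168.1.0/24
dev tun
proto udp
port 1194
secret /var/etc/openvpn/hub-A-to-B.key     # assumed path; one key per tunnel, never shared between tunnels
ifconfig 10.0.8.1 10.0.8.2                 # local endpoint, remote endpoint
route 192.168.1.0 255.255.255.0            # site B LAN lives behind this tunnel
keepalive 10 60
comp-lzo
persist-key
persist-tun

# file: hub-A-instance2.conf  (site A, peer = site C)
# pfSense GUI equivalent: second Server entry, port 1195, Tunnel Network 10.0.9.0/30,
# Remote Network 192.168.2.0/24
dev tun
proto udp
port 1195                                  # distinct port per instance
secret /var/etc/openvpn/hub-A-to-C.key
ifconfig 10.0.9.1 10.0.9.2                 # distinct tunnel subnet per instance
route 192.168.2.0 255.255.255.0            # site C LAN lives behind this tunnel
keepalive 10 60
comp-lzo
persist-key
persist-tun

# file: client-B.conf  (site B, LAN 192.168.1.0/24)
# pfSense GUI equivalent: Client, Shared Key, server port 1194, Tunnel Network 10.0.8.0/30,
# Remote Network 10.1.1.0/24 (plus 192.168.2.0/24 so site C is reachable via the hub)
dev tun
proto udp
remote hub-a.example.com 1194              # assumed hostname of the hub's WAN
secret /var/etc/openvpn/hub-A-to-B.key     # same key as hub instance 1
ifconfig 10.0.8.2 10.0.8.1
route 10.1.1.0 255.255.255.0               # hub LAN
route 192.168.2.0 255.255.255.0            # site C LAN, forwarded by the hub
keepalive 10 60
comp-lzo
persist-key
persist-tun

# file: client-C.conf  (site C, LAN 192.168.2.0/24)
# pfSense GUI equivalent: Client, Shared Key, server port 1195, Tunnel Network 10.0.9.0/30,
# Remote Network 10.1.1.0/24 (plus 192.168.1.0/24 so site B is reachable via the hub)
dev tun
proto udp
remote hub-a.example.com 1195
secret /var/etc/openvpn/hub-A-to-C.key     # same key as hub instance 2
ifconfig 10.0.9.2 10.0.9.1
route 10.1.1.0 255.255.255.0               # hub LAN
route 192.168.1.0 255.255.255.0            # site B LAN, forwarded by the hub
keepalive 10 60
comp-lzo
persist-key
persist-tun
```

    Two things to check once this is in place: the hub's firewall rules on the OpenVPN interface must permit traffic between 192.168.1.0/24 and 192.168.2.0/24 (pfSense does not pass it just because the routes exist), and each instance's status page should now show a different tunnel endpoint (10.0.8.2 and 10.0.9.2), which is the quickest sign the two peers are no longer colliding on one instance.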


