Netgate Discussion Forum

    Multiple tunnels, joining multiple sites at a 'hub'

      sheepthief

      Hi folks, I'm one of those really annoying users - enough knowledge to be dangerous, but not enough to be useful!

      pfSense 2.01-i386 in ESX environments -

      I've managed to set up a single OpenVPN client/server tunnel, and traffic is passing between the endpoints. However, I need multiple tunnels, radiating out from a single 'hub', and so far my attempts to get this working have failed.

      If I configure multiple OpenVPN servers on one pfSense VM, only one instance of the OpenVPN service will run (I am specifying different UDP ports for each server).

      If I configure a single OpenVPN server, there's more than one remote network, so how do I specify that in the server configuration?

      Any suggestions as to what I might be doing wrong, or what other methods might be better suited to this?

      Currently I have the following configuration -

      Common
          server mode: peer to peer (shared key)
          protocol: udp
          device mode: tun
          interface: wan
          cryptographic settings: same

      Server (wan 10.240.76.95 lan 172.16.76.0/24)
          tunnel: 172.17.76.0/24
          local: 172.16.76.0/24
          remote: 172.16.0.0/16

      Client (wan 10.240.68.95 lan 172.16.68.0/24)
          tunnel: 172.17.68.0/24
          remote:  172.16.76.0/24

        heper

        You should be able to run multiple ovpn servers without problems (on different ports).

        Check logs to see what errors you get when you try to start a second server.

          sheepthief

          @heper:

          You should be able to run multiple ovpn servers without problems (on different ports).

          Check logs to see what errors you get when you try to start a second server.

          Thanks Heper - I figured it out - I gave up on trying a single server with multiple clients and went back to trying multiple server/client pairs. Where I was going wrong initially turned out to be the tunnel addresses - everything seems to be working now that every server and every client has a unique non-overlapping /30 address space. I'm away from the systems right now so can't check in detail, but yes, progress is being made =:-)

            jimp Rebel Alliance Developer Netgate

            You can do the hub-and-spoke style setup with OpenVPN in SSL/TLS mode and a single server - it just has some setup differences.

            See http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_%28SSL%29

              sheepthief

              Thanks jimp - I got it working with multiple server endpoints on the one pfSense box. When time allows I'll look into the method you've listed to see if it offers any advantages, and I'll report back here with a comparison.

              1 Reply Last reply Reply Quote 0
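
Added example, not part of the thread and not pfSense code: a Python check of a hub's tunnel plan for the condition sheepthief reports fixing above (a unique, non-overlapping /30 tunnel network per server/client pair, and a separate port per server instance). The function name, dict keys, site names, ports and /30 values are constructed for illustration; the LAN subnets 172.16.76.0/24 and 172.16.68.0/24 come from the first post, and 172.16.69.0/24 is a made-up second site.

```python
import ipaddress
from itertools import combinations

def check_hub_plan(hub_lan, tunnels):
    """Return a list of problems found in a hub's point-to-point tunnel plan."""
    problems = []
    hub = ipaddress.ip_network(hub_lan)
    nets = {t["name"]: (ipaddress.ip_network(t["tunnel"]),
                        ipaddress.ip_network(t["remote_lan"])) for t in tunnels}

    # Each OpenVPN server instance on the hub needs its own listening port.
    seen_ports = {}
    for t in tunnels:
        if t["port"] in seen_ports:
            problems.append(f"{t['name']}: port {t['port']} already used by {seen_ports[t['port']]}")
        seen_ports.setdefault(t["port"], t["name"])

    all_lans = [hub] + [lan for _, lan in nets.values()]
    for name, (tun, _lan) in nets.items():
        # Assumption of this example: follow the thread's working setup and
        # flag any tunnel network that is not a /30.
        if tun.prefixlen != 30:
            problems.append(f"{name}: tunnel {tun} is not a /30")
        # A tunnel network inside a routed LAN makes routing ambiguous.
        for lan in all_lans:
            if tun.overlaps(lan):
                problems.append(f"{name}: tunnel {tun} overlaps LAN {lan}")

    for (a, (tun_a, lan_a)), (b, (tun_b, lan_b)) in combinations(nets.items(), 2):
        if tun_a.overlaps(tun_b):
            problems.append(f"{a}/{b}: tunnel networks {tun_a} and {tun_b} overlap")
        if lan_a.overlaps(lan_b):
            problems.append(f"{a}/{b}: remote LANs {lan_a} and {lan_b} overlap")
    return problems

# Constructed sample plans (ports and tunnel subnets are illustrative).
GOOD = [
    {"name": "site68", "port": 1194, "tunnel": "172.17.68.0/30", "remote_lan": "172.16.68.0/24"},
    {"name": "site69", "port": 1195, "tunnel": "172.17.68.4/30", "remote_lan": "172.16.69.0/24"},
]
BAD = [
    {"name": "site68", "port": 1194, "tunnel": "172.17.68.0/24", "remote_lan": "172.16.68.0/24"},
    {"name": "site69", "port": 1194, "tunnel": "172.17.68.4/30", "remote_lan": "172.16.69.0/24"},
]

if __name__ == "__main__":
    for problem in check_hub_plan("172.16.76.0/24", BAD):
        print(problem)
```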
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.