Multiple LAN-to-LAN - Migrate from Zeroshell + fix setup for better performance



I have a LAN-to-LAN VPN setup with Zeroshell like this:

OpenVPN Server at location 1

OpenVPN Client at location 2 connecting to location 1
OpenVPN Client at location 3 connecting to location 1
OpenVPN Client at location 4 connecting to location 1
OpenVPN Client at location 5 connecting to location 1

OpenVPN is set up with PSK only; each device connects to the external IP of each location on a separate port.

STATIC ROUTES at Location 1

| Destination | Netmask | Gateway |
| --- | --- | --- |
| 192.168.25.0 | 255.255.255.0 | 10.10.25.1 |
| 192.168.3.0 | 255.255.255.0 | 10.10.3.1 |
| 192.168.2.0 | 255.255.255.0 | 10.10.2.1 |
| 192.168.1.0 | 255.255.255.0 | 10.10.1.1 |
| DEFAULT GATEWAY | 0.0.0.0 | xxx.xxx.xxx.254 |

I have assigned local 192.168.x.x subnets to each location, added a 10.10.x.1 to each VPN interface and added a route from each location to the location's local subnet.
Locations 2-5 have a 10.10.x.10 address, and I have the reverse of each route on those devices.

This performs terribly. I am unsure if my setup is just plain wrong (as in, it works, but not the optimal way to do it), or if ZS is just not handling the load.

As well, ZS has no update feature. With little response on the ZS community, I would like to migrate to pfSense for this network. Before I start, I was wondering if I could, with this setup, replace one device at a time. If however, the first response is "wtf are doing it like that for?" I can bring all 6 devices down at once and replace them with some planning. (They are in different cities about five hours' drive apart, so I'd like to avoid that if I can.)

One thing I would like to do, and I am not sure how to accomplish with ZS, is to limit locations 2-5 to use the VPN route only for remote desktop and SMB browsing. It looks like ALL traffic is going through location 1's internet gateway; each location should be able to watch YouTube without using location 1's bandwidth.
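As an added example (not the poster's configuration and not Zeroshell's or pfSense's own code), the script below shows what a static-key OpenVPN site-to-site pair looks like for one spoke, using the tunnel addresses the post gives for location 2 (10.10.2.1 on the hub side, 10.10.2.10 on the spoke side), and two checks a practitioner would want. The hub's own LAN prefix (192.168.10.0/24), the hub hostname and the UDP port are assumptions, since the post does not state them. Only the remote LAN is routed into the tunnel and there is no full-tunnel redirect, so each spoke's Internet traffic keeps using its local ISP; `default_route_via_tun` detects the symptom the post describes by reading `ip route` output, and `tunnel_filter_rules` prints Linux iptables rules that confine forwarded tunnel traffic to RDP and SMB (on pfSense the same policy is expressed in its rule editor).

```shell
#!/bin/sh
# Added example: OpenVPN static-key site-to-site configs for one spoke,
# plus a split-tunnel check and a least-privilege forward filter.
# Addresses 10.10.2.1 / 10.10.2.10 and 192.168.2.0/24 come from the post;
# everything else below is an assumption.

HUB_LAN="192.168.10.0 255.255.255.0"   # assumed LAN behind location 1
SPOKE2_LAN="192.168.2.0 255.255.255.0" # location 2 LAN from the post's route table
HUB_HOST="hub.example.invalid"         # placeholder for location 1's external address
SPOKE2_PORT="1195"                     # one port per spoke, as in the post

# Hub side (location 1): one tun interface per spoke, point-to-point.
hub_config() {
  cat <<EOF
dev tun2
proto udp
port ${SPOKE2_PORT}
ifconfig 10.10.2.1 10.10.2.10
secret /etc/openvpn/loc2.key
route ${SPOKE2_LAN}
keepalive 10 60
persist-key
persist-tun
EOF
}

# Spoke side (location 2): only the hub LAN is routed into the tunnel.
# No full-tunnel redirect directive here, so the default route stays on eth0.
spoke_config() {
  cat <<EOF
dev tun
proto udp
remote ${HUB_HOST} ${SPOKE2_PORT}
ifconfig 10.10.2.10 10.10.2.1
secret /etc/openvpn/loc2.key
route ${HUB_LAN}
keepalive 10 60
persist-key
persist-tun
EOF
}

# Split-tunnel check: takes the text of 'ip route show' as its argument.
# Returns 0 (true) when the default route leaves via a tun interface, which
# is the "all traffic goes through location 1" symptom; 1 otherwise.
# Usage on a live box: default_route_via_tun "$(ip route show)"
default_route_via_tun() {
  printf '%s\n' "$1" | grep '^default ' | grep -q ' dev tun'
}

# Forward filter (Linux iptables, assumed): only RDP (3389/tcp) and SMB
# (445/tcp) may be initiated across the tunnels; replies are allowed by state.
tunnel_filter_rules() {
  cat <<'EOF'
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o tun+ -p tcp --dport 3389 -j ACCEPT
iptables -A FORWARD -o tun+ -p tcp --dport 445 -j ACCEPT
iptables -A FORWARD -o tun+ -j DROP
iptables -A FORWARD -i tun+ -p tcp --dport 3389 -j ACCEPT
iptables -A FORWARD -i tun+ -p tcp --dport 445 -j ACCEPT
iptables -A FORWARD -i tun+ -j DROP
EOF
}
```

Run `hub_config` and `spoke_config` to print the two files; the same pattern repeats for locations 3-5 with their own tun index, port and 10.10.x.y pair. Because the spoke config carries no redirect directive, the only traffic that enters the tunnel is traffic for the routed remote LAN, which is what lets each site reach the Internet through its own gateway.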