Branch Office over MPLS
-
I have been trying to get a connection from my main office to my branch office over OpenVPN to stabilize over the last month. In the meantime, I want to revert back to the MPLS link that is still active. Let me illustrate my network (setup before I arrived on the scene…). I searched, but can't quite find the scenario I'm working with as you will see below (MPLS IP address).
Home office:
10.0.0.0/24 (em1)
Gateway is 10.0.0.254 connected to BrightHouse 74.x.x.x (em0)
OpenVPN interface is 10.0.8.1
10.0.0.47 (em2) connected to MPLS interface 10.0.0.100 (disconnected at the moment)
Branch Office:
10.0.1.0/24 (em1)
Gateway is 10.0.1.254 connected to BrightHouse (em0)
OpenVPN interface is 10.0.8.2
MPLS interface is 10.0.1.100 (disconnected at the moment)
I want to keep the BrightHouse Internet at the Home office and route all traffic from the Branch Office over MPLS to the Home Office for either the 10.0.0.0/24 network or the Internet. I tried this by setting a static route from the Home office to Branch over the MPLS via em2, but I suspect that there is a problem with routing.
I can change the default gateway for all of the computers at the branch office to 10.0.1.100 no problem. The problem is what to do on the Home office side. I need to be able to go from Home Office to Branch Office and Branch Office to Home office and both locations to the Internet.
I can put together a diagram if that would help. Any thoughts?
Thanks
Rick
-
I'm trying to remember how this is set up between a couple of our sites.
I believe that our "remote" site is connected to the MPLS via its WAN port and that the opposite "home" site connects to a LAN port. However, this is a vendor setup and is actually routing VOIP circuits on another type of router. Everything is static. Might be worthless information or give you ideas. Either way… :)
-
Before I inherited this setup, the MPLS link was from the telco equipment to the local switch at the remote location and to the third NIC in a custom Linux firewall solution on the Home Office side. That firewall died the day I took over (oh the joy) so I don't know how it was configured.
I am still trying to figure out the routing logic on this one and am open to almost anything at this point. I may even call Windstream and get them to change the LAN interface IPs to something like 10.0.10.0/24 to get it out of the LAN subnet on each network.
rick
-
https://forum.pfsense.org/index.php?topic=69588.msg380413#msg380413 I've got several of these (openvpn) links working into my primary box. Works very well. :)
Looks to me that at your home office your em1 and em2 interfaces need to be bridged. Then into the remote side with a 10.0.0.0/24 address on a WAN port.
I also believe that MPLS needs VLAN tagging but there again I could be wrong.