Routing Between OpenVPN servers
-
I would like to set up the pfsense device as follows:
pfsense hosts OpenVPN servers A, B, C
psense server LAN subnet 10.0.1.0/24
Client 1 with LAN subnet 10.0.2.0/24 connects to server B – virtual OpenVPN subnet is 172.16.2.0/24 -- cannot interact with any subnets other than its local
Client 2 with LAN subnet 10.0.3.0/24 connects to server C -- virtual OpenVPN subnet is 172.16.3.0/24 -- cannot interact with any subnets other than its localUser connects to server A -- virtual OpenVPN subnet is 172.16.1.0/24 -- can interact with local to the pfsense, Client 1, and Client 2 (subnets 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24)
Is this possible?
-
Yes. The connections allowed into a pfSense node from the other end of an OpenVPN connection are on Firewall > Rules, OpenVPN tab.
So on the pfSense server, you would simply not pass connections from 10.0.2.0/24 or 10.0.3.0/24. On Clients 1 & 2 you would pass connections from 10.0.1.0/24.
You can also assign interfaces to OpenVPN servers so you can have a firewall rule tab for each server, instead of all OpenVPN servers combined. This gives you a little more granularity and lets you do things like NAT out a VPN tunnel, etc.
It doesn't have to be three different servers either. You could do it with one Remote Access (At least I think that's what you're describing as Server A) and one Site-to-Site (to go to Clients 1 & 2).
