OpenVPN - Site-to-Site - Clients Connectivity



  • Hi,

    I've OpenVPN configured between three sites:

    CONFIG DETAILS

    Main Office - Server
    10.1.0.0/24

    Branch 01 - Client
    192.168.1.0/24

    Branch 02 - Client
    192.168.0.0/24

    SCENARIO

    The branch offices can connect to, ping and access resources on the Main Office (and vice versa).

    But I need the branch offices to be able to connect to, ping and access resources on each other as well (Branch 01 and Branch 02).
    What configuration do I need to do?

    Thanks

    Frederico.



  • You didn't mention which pfSense version you're using in all this?

    If this is the same configuration as your previous thread (https://forum.pfsense.org/index.php?topic=93729.msg520236#msg520236), then the simplest solution IMHO is to change your setup slightly so that the HO has only 1 OpenVPN server that handles both BrO1 and BrO2.

    You tell the OpenVPN server about all the remote networks in a comma-separated list entered in "IPv4 Local Network/s" (192.168.1.0/24, 192.168.0.0/24 in your case).
    You use the Client Specific Configurations on the server to specify which remote network gets routed to which client (this has to be currently working or your dual server setup wouldn't be working now).

    The BrO1 and BrO2 clients both connect to the same HO OpenVPN server and the CSC settings make sure things are routed where they need to go.  The server hands out all external routes to both clients so they understand how to get to each other's networks (through the server).

    The only other way is to set up, say, BrO1 as its own additional OpenVPN server and add a client from BrO2 to BrO1.
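
The single-server layout described in the reply above, expressed as plain OpenVPN directives (an added example, not part of the thread and not pfSense's own generated config). The client common names `branch01`/`branch02` and the `ccd_dir` path are assumptions, and here each branch is pushed only the other sites' networks rather than every route.

```python
import ipaddress

def directive(keyword, net):
    """Render an OpenVPN 'route'/'iroute' line: keyword, network, netmask."""
    return f"{keyword} {net.network_address} {net.netmask}"

def build_hub_config(hub_lan, branches, ccd_dir="/etc/openvpn/ccd"):
    """Return (server_lines, ccd) for one hub server and several branch clients.

    branches maps a client certificate common name to the LAN behind it.
    """
    hub = ipaddress.ip_network(hub_lan)
    nets = {cn: ipaddress.ip_network(lan) for cn, lan in branches.items()}

    # Overlapping LANs cannot be routed unambiguously, so refuse them.
    named = [("hub", hub)] + list(nets.items())
    for i, (name_a, a) in enumerate(named):
        for name_b, b in named[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{name_a} {a} overlaps {name_b} {b}")

    # Server side: one kernel route per branch LAN, pointing into the tunnel.
    server = [f"client-config-dir {ccd_dir}"]
    server += [directive("route", n) for n in nets.values()]

    # Per client: iroute claims its own LAN; push sends every other site's LAN.
    ccd = {}
    for cn, own in nets.items():
        lines = [directive("iroute", own)]
        others = [hub] + [n for other, n in nets.items() if other != cn]
        lines += [f'push "{directive("route", n)}"' for n in others]
        ccd[cn] = lines
    return server, ccd

if __name__ == "__main__":
    # Networks from the thread; the common names are assumed.
    server, ccd = build_hub_config(
        "10.1.0.0/24",
        {"branch01": "192.168.1.0/24", "branch02": "192.168.0.0/24"},
    )
    print("\n".join(server))
    for cn, lines in ccd.items():
        print(f"\n# {cn}")
        print("\n".join(lines))
```

Without `client-to-client` on the server, branch-to-branch packets are routed through the hub's tunnel interface, so the hub's firewall rules decide what the two branches may reach on each other.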