Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Remote dial in and site to site at the same time

    Scheduled Pinned Locked Moved
    OpenVPN
    4
    5
    804
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MikeDPitt
      last edited by

      I have pfsense 2.2 both at home, and at my office. Both are currently configured for remote dial in open VPN users. I do keep different subnet assignments for all the work and home subnets. At home I use subnets of 192.168.0., 192.168.1., and 192.168.3.. At the office I use 192.168.2. and 192.168.6.. I use openvpn subnets of 10.8.0. at home for remote dial in, and 10.8.1.* at the office for remote dial in. I am wondering if it is also possible to maintain a site to site VPN so I can share resources back and forth. Will this conflict with the remote dial in servers running in any way? Sorry if that's kind of a n00b question. I just don't want to mess with a working config if what I'm trying to do isn't possible. I can do remote dial in to either no problem from anywhere. But it would be awesome to be able to connect to one, and hit resources on both. Or also to just be able to access home LAN from work LAN and vice versa. What's the best way to go about this?

      1 Reply Last reply Reply Quote 0
      • D
        divsys
        last edited by

        The way I normally do this is to add a second OpenVPN instance in the "Main" or "Server" pfSense box (I'm guessing that's the office) and set it up as a Site-Site server.
        Just make sure to use a different port than the existing RoadWarrior server on the same box and add a new Firewall->Rule to allow incoming traffic on the new port.  The other pfSense box is setup as a Site-Site client.

        I run a number of these setups and they work very well, the two OpenVPN instances on each box coexist very nicely.
        You should be able to add the Site-Site configuration without touching the RoadWarrior setups at all.
        Just make sure when you do final testing that you Don't have a RoadWarrior connection established from the same machine that you're using to test the Site-Site (or you won't be testing what you think you're testing)

        Let us know how it goes…..

        -jfp

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          Just create a new OpenVPN instance for the site to site, as divsys described. That won't impact your existing setup.

          1 Reply Last reply Reply Quote 0
          • M
            MikeDPitt
            last edited by

            Thanks! I think I understand exactly what you mean. And the way you had described is exactly how I would try to it. I wanted to run the server of the site to site, on the office pfsense box, as it's nicer hardware. So just run them on different ports, and create firewall rules to route between the subnets? It's really as simple as that? That's great to hear.

            1 Reply Last reply Reply Quote 0
            • W
              willieaames
              last edited by

              Agreed, thats the only way you could do that.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post