Site2Site + Remote VPN



  • This is my first post as I can generally find the info I need by searching. I have yet to figure this out.

    I have two sites. Let's say Site A and Site B. I've had an OpenVPN Site2Site VPN running for several years now without any issues. To increase security I'd like to close down ports that are allowing for RDP access and other various services by providing a remote OpenVPN server so that users can connect and see all resources on both sites.

    Current setup: Site A is the Site2Site "Server" and Site B is the Site2Site "Client". Everything works great here.

    I set up a Remote OpenVPN that connects to Site B. Everything works there… Sort of... I can connect, I can RDP into desktops at Site B but not Site A. I can ping some devices and not others. I can ping the gateway at Site B (192.168.3.1), I cannot ping the pfSense box at Site A (192.168.2.1) or anything else on that site. I can ping servers and desktops at Site A but cannot ping/telnet switches (I'm assuming that is some ACLs I have set up on those.)

    Any help on the rules and whatnot I need to setup for these remote clients to see Site A would be appreciated.



  • Could it be this, in your OpenVPN settings?

    Inter-Client Communication: Allow communication between clients connected to this server.

    Just a guess?



  • Nope… tried both with that option checked and unchecked. I have a feeling it's a firewall rule but have no idea what I would need to allow.



  • Got it figured out…

    Site A uses 192.168.2.0/24
    Site B uses 192.168.3.0/24
    Site2Site Tunnel uses 192.168.0.0/24
    RemoteVPN Tunnel uses 192.168.1.0/24

    I had to add the RemoteVPN's subnet in my Site2Site server setting: Tunnel Settings > IPv4 Remote Network/s (192.168.3.0/24, 192.168.1.0/24)

    And voila!

    God I love this software...
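What that GUI field turns into, as an added illustration (not config from this thread or from pfSense itself): the OpenVPN directives on both servers, using the four subnets listed above. The Site B client's certificate common name "siteB" and the pfSense client-specific override are assumptions; the point is that Site A needs a return route for the RemoteVPN subnet, otherwise replies to 192.168.1.x leave via Site A's default gateway instead of the Site2Site tunnel.

```conf
# ---- Site A: Site2Site OpenVPN server (Site A is the "Server") ----
dev tun
server 192.168.0.0 255.255.255.0      # Site2Site tunnel network

# "Tunnel Settings > IPv4 Remote Network/s" on the server becomes kernel
# routes into the tunnel. Before the fix only 192.168.3.0/24 was listed, so
# Site A had no route back to RemoteVPN clients (192.168.1.x).
route 192.168.3.0 255.255.255.0       # Site B LAN
route 192.168.1.0 255.255.255.0       # RemoteVPN tunnel, reachable via Site B

# In SSL/TLS (multi-client) mode OpenVPN also needs to know WHICH client owns
# those subnets. pfSense writes this from the Client Specific Override's own
# "IPv4 Remote Network/s" field into a ccd file named after the client's
# common name (assumed "siteB" here):
#   ccd/siteB:
#   iroute 192.168.3.0 255.255.255.0
#   iroute 192.168.1.0 255.255.255.0

# ---- Site B: remote-access OpenVPN server for the road-warrior clients ----
dev tun
server 192.168.1.0 255.255.255.0      # RemoteVPN tunnel network

# "IPv4 Local Network/s" on the remote-access server: routes pushed to each
# connecting client so traffic for BOTH sites enters the tunnel. Site B then
# forwards 192.168.2.0/24 over its existing Site2Site client tunnel.
push "route 192.168.3.0 255.255.255.0"   # Site B LAN
push "route 192.168.2.0 255.255.255.0"   # Site A LAN, via the Site2Site link
```

Routing is only half of it: the firewall rules on Site A's OpenVPN interface (pfSense's OpenVPN rules tab) must also permit traffic whose source is 192.168.1.0/24, so a rule scoped only to 192.168.3.0/24 would still block the remote clients even with the route in place.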



  • Good work.  It really is amazing isn't it :)