Netgate Discussion Forum
    PfSense as OpenVPN client to multiple VPN networks - routes not working

      caldwell

      I have a pfSense (2.latest) with OpenVPN.  Scenario below:

      1. pfSense locally is running 192.168.10.0/24

      2. pfSense connects as a client to VPN server 1 which should be the default gateway for all traffic in general.  It runs a 10.x.x.x network.

      3. pfSense needs to connect to VPN server 2 which has VPN network 192.168.11.0/24.  Behind VPN server 2 is network 192.168.12.0/24.  I need to connect to that network from machines on my LAN.

      4. pfSense needs to connect to VPN server 3 which has VPN network 172.16.20.0/24.  Behind VPN server 3 is network 172.16.0.0/21.  I need to connect to that network from machines on my LAN.

      Does anyone have a working set of steps to do this?  Looking for a clear step-by-step how to.

      TIA.

        divsys

        What you're describing is a typical (for me anyway) group of Site-Site networks using SSL/TLS.

        Your home network is a "client" to each of the other "server" networks.

        I do this all the time; my home network connects to 25+ clients simultaneously, allowing me access to all their subnets (takes a little planning to make sure the subnets don't overlap).

        My suggestion would be to get the server1 site-site up and running properly and then add the others one at a time.

        The pfSense docs have a number of writeups on the topic: http://doc.pfsense.org/index.php/Category:OpenVPN

        This one is probably closest to what you need for a single site-site setup: https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_(SSL)

        Try and get one up and running, we'll be here to help with any questions.

        Once you have one up, you really just add another client for every server you want to connect.

        Let us know how it goes  ;)

        -jfp
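
The subnet planning mentioned in the reply above, as an added example that is not part of the original posts: it checks the networks listed in the first post for overlaps and shows, by longest-prefix match, which tunnel a destination would be routed to. The interface labels (`vpn1` to `vpn3`) and the modelling of VPN server 1 as a plain default route are assumptions of this example.

```python
import ipaddress

# Route plan taken from the first post's scenario. Interface names (vpn1..vpn3)
# are labels assumed for this example, not pfSense identifiers.
PLAN = {
    "lan": ["192.168.10.0/24"],
    "vpn2": ["192.168.11.0/24", "192.168.12.0/24"],  # tunnel net, remote LAN
    "vpn3": ["172.16.20.0/24", "172.16.0.0/21"],     # tunnel net, remote LAN
    "vpn1": ["0.0.0.0/0"],                           # default gateway for the rest
}

def networks(plan):
    """Flatten the plan into (interface, network) pairs."""
    return [(ifname, ipaddress.ip_network(cidr))
            for ifname, cidrs in plan.items() for cidr in cidrs]

def find_overlaps(plan):
    """Return overlapping non-default networks that sit on different interfaces."""
    nets = [(i, n) for i, n in networks(plan) if n.prefixlen > 0]
    clashes = []
    for idx, (if_a, net_a) in enumerate(nets):
        for if_b, net_b in nets[idx + 1:]:
            if if_a != if_b and net_a.overlaps(net_b):
                clashes.append((if_a, str(net_a), if_b, str(net_b)))
    return clashes

def egress_for(plan, dest):
    """Longest-prefix match: the interface a packet to dest would leave on."""
    addr = ipaddress.ip_address(dest)
    matches = [(n.prefixlen, i) for i, n in networks(plan) if addr in n]
    return max(matches)[1] if matches else None

if __name__ == "__main__":
    print("overlaps:", find_overlaps(PLAN))
    # 172.16.8.1 lies just outside 172.16.0.0/21, so it follows the default route.
    for dest in ("192.168.12.5", "172.16.7.9", "172.16.8.1", "8.8.8.8"):
        print(dest, "->", egress_for(PLAN, dest))
```
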

          caldwell

          I've gotten a basic site-to-site working with my main VPN server which I use as the default gateway.  For this to work, I:

          1. assigned a VPN interface
          2. created a gateway under Routing
          3. created a route statement to use the gateway under Routing
          4. created a firewall rule for all traffic to be allowed over that VPN network through the gateway

          I had found a document online which described this somewhat convoluted way of doing things so that instead of using the ISP as the default route, it uses the main VPN as the default route.  I need that and am happy with it, although it did seem convoluted and not at all intuitive.

          I have created site-to-site client VPN configurations and can get them to connect.  But I can't get any of the routing to work to the other sites for my machines.

          I can, for instance, ping a remote machine on one of the secondary VPNs from the pfSense box itself.  But if I try to ping the same machine from my laptop, it doesn't work.

          Traceroutes stop AT the pfSense box.

          So, I'm still no further than I was.

            divsys

            Can we try to solve this with a simplified version of your setup?

            I would suggest that we pick 3 sites:
            The "main" OpenVPN server - Site1
            First VPN client - Site2
            Next VPN client - Site3

            For each Site we need:

            Site 1 LAN Subnet ????
            Site 1 OpenVPN Tunnel Subnet ???
            Site 2 LAN Subnet ????
            Site 2 OpenVPN Tunnel Subnet ???
            Site 3 LAN Subnet ????
            Site 3 OpenVPN Tunnel Subnet ???

            Can you post the OpenVPN server config screens for Site1 and the client config screens for Site 2 and Site 3?

            -jfp

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.