pfSense Gold Subscription

Author Topic: OpenVPN Routing Site-to-Site tunnel to Remote Access VPN tunnel  (Read 99 times)

0 Members and 1 Guest are viewing this topic.

Offline buomque

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
OpenVPN Routing Site-to-Site tunnel to Remote Access VPN tunnel
« on: December 06, 2017, 02:01:37 pm »
Main Office Configuration:
Local network: 192.168.10.1

Main Office Site-To-Site VPN server:
IPv4 Tunnel Network: 192.168.90.0/24
IPv4 Remote network(s): 192.168.110.0/24, 192.168.111.0/24

Main Office Remote Access VPN server:
IPv4 Tunnel Network: 192.168.80.0/24
IPv4 Local network(s): 192.168.10.0/24, 192.168.110.0/24, 192.168.111.0/24

Satellite Facility #1 Configuration:
Local network: 192.168.110.1

Satellite Facility Site-To-Site #1 VPN Client:
IPv4 Tunnel Network: 192.168.90.0/30
IPv4 Remote network(s): 192.168.10.0/24, 192.168.80.0/24

Satellite Facility #2 Configuration:
Local network: 192.168.111.1

Satellite Facility Site-To-Site #2 VPN Client:
IPv4 Tunnel Network: 192.168.90.0/30
IPv4 Remote network(s): 192.168.10.0/24, 192.168.80.0/24

I create a new interface for 192.168.90.0/24 tunnel, called Site-To-Site
I create a new interface for 192.168.80.0/24 tunnel, called Remote Access

From Main Office Site-To-Site VPN server:, I can access both 192.168.110.0/24 and 192.168.111.0/24

My laptop is connecting to Remote Access tunnel. How can I do routing, so that my laptop can get to all LAN networks which are accessible from Main Office Site-To-Site VPN server:?




Offline marvosa

  • Hero Member
  • *****
  • Posts: 752
  • Karma: +39/-0
    • View Profile
Re: OpenVPN Routing Site-to-Site tunnel to Remote Access VPN tunnel
« Reply #1 on: December 07, 2017, 06:58:03 pm »
At a high level, you would need to push each LAN you want to access to out to your clients and then enter the remote access tunnel network in the config of each remote location.

You also don't need to create interfaces unless you're doing policy routing.

Offline buomque

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: OpenVPN Routing Site-to-Site tunnel to Remote Access VPN tunnel
« Reply #2 on: December 07, 2017, 07:46:27 pm »
Thanks for the info Marvosa!

One more question, is there a way to route all available LANs from site-to-site tunnel to Remote Access tunnel? Or pushing each LAN is a more proper way to do?