The pfSense Store

Author Topic: Routing between Site-to-site VPN setups  (Read 142 times)

0 Members and 1 Guest are viewing this topic.

Offline bwhiteford

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Routing between Site-to-site VPN setups
« on: December 18, 2017, 12:05:22 pm »
Hello all! Thanks very much for the wonderful community here.

We have pfSense deployed very successfully with one central site and 10 remote sites connected site-to-site using OpenVPN. This configuration has been rock-solid for us and has been stable for about a year. Initially, the only requirement was for the remote sites to be able to access resources at our central site and vice versa. The requirement has now come up where remote sites will need to be able to access resources at other remote sites or via client VPN. I have not been able to make this work yet.

For example:
Central site networks: 192.168.200.0/24, 192.168.210.0/24, etc.
Remote site 1: Single 10.1.100.0/24 network
Remote site 2: Single 10.1.101.0/24 network

Presently, remote sites 1 and 2 can access resources at the central site, and the central site can access resources at the remote sites. But, remote site 1 cannot access resources at remote site 2. We presently have the firewall rules for OpenVPN wide open as we don't have a need to secure things in that manner yet.

Can someone give me some ideas to look into?

Thanks very much!
Brooks

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9606
  • Karma: +1090/-309
    • View Profile
Re: Routing between Site-to-site VPN setups
« Reply #1 on: December 18, 2017, 12:50:04 pm »
Did you add (or push if using server mode) the remote site 1 network to remote site 2 as a Remote Network? And Vice Versa?
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline bwhiteford

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Routing between Site-to-site VPN setups
« Reply #2 on: December 18, 2017, 11:25:38 pm »
Doh! That's exactly what it was, thank you Derelict. Didn't even think about that.

It's working great now.

Thanks again!
Brooks