
Author Topic: Inter Site Communication Between two VPN Clients Site  (Read 99 times)


ashima
Inter Site Communication Between two VPN Clients Site
« on: January 24, 2018, 05:04:02 am »
Hello everyone,


My scenario:

pfSense working as OpenVPN server at head office

Site A, Site B are connecting to OpenVPN server at head office through OpenVPN tunnel

Communication happening between Site A and head office and vice versa
Similarly between Site B and head office.

I would like to access Server at Site A from Server at Site B. (Inter Site Communication)

Unfortunately option Inter Client communication is not available for OpenVPN server (Site 2 Site)

I tried putting Site A LAN subnet in CSO of Site B local network in OpenVPN server. This pushed the route to Site B. I was able to ping server at Site A from the firewall but not from any other device from Site B.

What am I missing? Any help?

Regards,
Ashima

viragomann
Re: Inter Site Communication Between two VPN Clients Site
« Reply #1 on: January 24, 2018, 08:14:11 am »
You need a CSO for both sites. Consider that CSO only works with TLS auth. and client certificates and that the common name in the CSO must match the one in the cert.

In the CSO for A enter the head office and the site B LAN subnets at "IPv4 Local Network/s" and the site A LAN at "IPv4 Remote Network/s".
In the client config on A enter the head office and the site B LAN subnets at "IPv4 Remote network(s)".

Configure the CSO and client for B accordingly.

Also configure the firewall rules on each node to permit the access.

Consider that the operating system's firewall on the destination device may also block access from the other sites.
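
The field assignments described in the reply above, worked through as an added example that is not part of the original post and generalized to any number of sites. The subnets, the common names `siteA`/`siteB` and the function names are constructed for illustration, and the mapping of the pfSense fields to `push "route"`, `iroute` and `route` is an assumption about how they are rendered into OpenVPN configuration.

```python
import ipaddress

def site_to_site_plan(head_office_lan, site_lans):
    """Map each site's certificate common name to the networks its CSO and
    client config need so that every site can reach every other LAN."""
    ho = ipaddress.ip_network(head_office_lan)
    lans = {cn: ipaddress.ip_network(net) for cn, net in site_lans.items()}
    every = [ho, *lans.values()]
    # Overlapping LANs cannot be routed between sites; fail before configuring.
    for i, a in enumerate(every):
        for b in every[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping subnets: {a} and {b}")
    plan = {}
    for cn, lan in lans.items():
        reachable = [ho] + [n for other, n in lans.items() if other != cn]
        plan[cn] = {
            "cso_local": reachable,      # CSO "IPv4 Local Network/s"
            "cso_remote": [lan],         # CSO "IPv4 Remote Network/s"
            "client_remote": reachable,  # client "IPv4 Remote network(s)"
        }
    return plan

def field(nets):
    """Comma-separated CIDR list as typed into a pfSense network field."""
    return ",".join(str(n) for n in nets)

def directives(entry):
    """OpenVPN directives assumed to correspond to the fields (CSO, client)."""
    def fmt(n):
        return f"{n.network_address} {n.netmask}"
    cso = [f'push "route {fmt(n)}"' for n in entry["cso_local"]]
    cso += [f"iroute {fmt(n)}" for n in entry["cso_remote"]]
    client = [f"route {fmt(n)}" for n in entry["client_remote"]]
    return cso, client

if __name__ == "__main__":
    # Constructed sample addressing, not taken from the thread.
    plan = site_to_site_plan("10.0.0.0/24",
                             {"siteA": "10.0.1.0/24", "siteB": "10.0.2.0/24"})
    for cn, entry in plan.items():
        print(f"[{cn}] CSO local={field(entry['cso_local'])} "
              f"remote={field(entry['cso_remote'])} "
              f"client remote={field(entry['client_remote'])}")
        cso, client = directives(entry)
        print("  CSO:", "; ".join(cso))
        print("  client:", "; ".join(client))
```

The plan covers routing only; the firewall rules on each node still have to permit the traffic.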

ashima
Solved: Inter Site Communication Between two VPN Clients Site
« Reply #2 on: January 24, 2018, 10:05:32 am »
Thank you @viragomann

"In the client config on A enter the head office and the site B LAN subnets at "IPv4 Remote network(s)""

This is what made it work. I was trying to do so since morning.


Regards,
Ashima