
Author Topic: Site to Site SSL with multiple site  (Read 3897 times)

Julien

Site to Site SSL with multiple site
« on: August 07, 2017, 08:12:21 pm »
Dear all,
We have managed to configure a site-to-site OpenVPN server successfully.
Everything is working fine between site A and site B. The steps are here: https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html?highlight=vpn

Site A is the server and B is the client.
We are willing to connect Site C to the Site VPN A using the same shared key.
On the site C firewall we added the client with the shared key from the site A firewall; however, the tunnel is not up and running.
Is this even possible with OPNsense? Or do we have to create an SSL VPN for each site?

An intelligent man is sometimes forced to be drunk to spend time with his fool.

Julien

Re: Site to Site SSL with multiple site
« Reply #1 on: August 07, 2017, 10:46:49 pm »
I managed to get this fixed;
we have to create a server for each tunnel.

epoch

Re: Site to Site SSL with multiple site
« Reply #2 on: August 07, 2017, 10:50:41 pm »
Well the doc is using ovpn in peer to peer mode. So if you have A using port 1194 to exchange with B, C can't connect to A because it's busy.
You could use server mode for site A, in this case a single instance would be used to connect B and C. Not sure this is desirable in terms of design, A becomes a single point of failure and I'm unsure how it would react to option "client-to-client".
It's probably more advisable to add another peer-to-peer instance on site A dedicated to communicating with site C. An idle instance doesn't cost anything in itself.
Logged
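
The one-instance-per-peer layout described in the reply above, sketched as an added example (not from the thread or the OPNsense documentation). Ports, tunnel addresses, LAN subnets, device names, the hostname and key paths are constructed placeholders; each tunnel is given its own static key here so that a key exposed at one site does not unlock the other tunnel.

```conf
# ===== Site A, instance 1: peer-to-peer tunnel to site B =====
dev ovpns1
dev-type tun
proto udp
port 1194                          # this instance owns UDP 1194
ifconfig 10.10.1.1 10.10.1.2       # local / remote tunnel endpoints
route 192.168.2.0 255.255.255.0    # site B LAN (assumed)
secret /path/to/siteA-siteB.key    # static key used only for A<->B
cipher AES-256-CBC
auth SHA256
keepalive 10 60
persist-key
persist-tun

# ===== Site A, instance 2: peer-to-peer tunnel to site C =====
dev ovpns2
dev-type tun
proto udp
port 1195                          # separate port: 1194 is taken by instance 1
ifconfig 10.10.2.1 10.10.2.2
route 192.168.3.0 255.255.255.0    # site C LAN (assumed)
secret /path/to/siteA-siteC.key    # different key from the A<->B tunnel
cipher AES-256-CBC
auth SHA256
keepalive 10 60
persist-key
persist-tun

# ===== Site C: client side of instance 2 =====
dev ovpnc1
dev-type tun
remote site-a.example.net 1195 udp # must match instance 2's port, not 1194
ifconfig 10.10.2.2 10.10.2.1       # mirror of site A's ifconfig line
route 192.168.1.0 255.255.255.0    # site A LAN (assumed)
secret /path/to/siteA-siteC.key    # same file as on site A, instance 2
cipher AES-256-CBC
auth SHA256
keepalive 10 60
persist-key
persist-tun
```

Each section is a separate configuration file, and each listening port on site A needs its own inbound firewall rule on the WAN side.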

Julien

Re: Site to Site SSL with multiple site
« Reply #3 on: August 08, 2017, 06:37:49 pm »
I've got the idea already and managed to create a server for each site.
It does work fine with a pre-shared key.
I am looking to get it working with TLS; I just can't seem to find a tutorial for this.
« Last Edit: August 08, 2017, 07:52:25 pm by Julien »
