OPNsense Forum

English Forums => Virtual private networks => Topic started by: Porfavor on November 27, 2022, 07:54:39 PM

Title: Make LAN from other site to site VPN accessible to clients conn. to different VPN
Post by: Porfavor on November 27, 2022, 07:54:39 PM
Hello,

I have set up two VPN servers on my OPNsense (at a remote location). One is a peer-to-peer VPN where the remote network is my home LAN. This works well.

Moreover, I set up a second server for remote access. It is possible to connect to this server and reach the actual local LAN. However, I cannot reach the home LAN through it. I entered this network into Local IPv4 network within the server settings.

What else do I have to do? Or isn't this possible?
Title: Re: Make LAN from other site to site VPN accessible to clients conn. to different VPN
Post by: bartjsmit on November 27, 2022, 10:31:34 PM
For each VPN you need to configure routing for all remote subnets to go via OPNsense. If your three networks are A, B and C then devices on each need to have a route to the other two. If the VPN is hosted on the default gateway for a network, then you only need to set up the routing there. If it isn't, you need to push out static routes to the clients; either through the VPN config file or through DHCP, or as a last resort by setting them on each device.

Remember that packets need to travel both ways; from the sender to the destination and replies back the same route. Each hop along each path needs to know how to reach both ends.

Bart...
Title: Re: Make LAN from other site to site VPN accessible to clients conn. to different VPN
Post by: Porfavor on November 27, 2022, 11:04:10 PM
Thank you for your reply.

The situation is as follows:

- Mobile Device (let's call this network C) connects to OPNsense on network B. Network B is connected to network A via different OpenVPN Server / Peer to Peer. I want to reach network A from network C.
- Network A has a router in between network B and network A's OPNsense.
- I have set a route on the router of network A regarding VPN-network of the access server as I did with the VPN-Network from network B of the site to site server.
- I haven't set any custom routes on network B's OPNsense.
- There does exist a route (on OPNsense network B) to network A's LAN via the OPNsense on network A.

How can I achieve this? Set a route at System -> Routes -> Configuration? If so, I am not sure how to do this.
Title: Re: Make LAN from other site to site VPN accessible to clients conn. to different VPN
Post by: Porfavor on November 28, 2022, 12:02:41 AM
Resolved:

Solution https://forum.netgate.com/topic/83777/openvpn-multiple-site-to-multisites-routing/19 by jdp0418.
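
Added example, not part of the original thread and not taken from the linked solution: a small hop-by-hop route tracer that checks the forward and return path for the A/B/C topology described above, illustrating the point that every hop must know how to reach both ends. All subnets, addresses and node names are constructed assumptions, and the missing route it models (network A's OPNsense not knowing the remote-access tunnel network) is one possible gap, not a statement of what the poster's actual fix was.

```python
import ipaddress

DELIVER = "deliver"  # destination subnet is directly attached to this hop

def next_hop(table, dst_ip):
    """Longest-prefix match over {prefix: next_node}; None means no route."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst_ip, max_hops=8):
    """Walk hop by hop from `start`; returns (path, delivered)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst_ip)
        if hop is None:
            return path, False      # dropped: this hop has no route
        if hop == DELIVER:
            return path, True
        path.append(hop)
        node = hop
    return path, False              # routing loop

def build_tables(a_knows_access_tunnel):
    """Constructed topology: LAN A 192.168.1.0/24, LAN B 192.168.2.0/24,
    remote-access tunnel (network C) 10.8.0.0/24."""
    tables = {
        "client_C":   {"10.8.0.0/24": DELIVER, "192.168.2.0/24": "opnsense_B",
                       "192.168.1.0/24": "opnsense_B"},   # routes pushed to client
        "opnsense_B": {"10.8.0.0/24": DELIVER, "192.168.2.0/24": DELIVER,
                       "192.168.1.0/24": "opnsense_A"},   # via site-to-site VPN
        "opnsense_A": {"192.168.1.0/24": DELIVER, "192.168.2.0/24": "opnsense_B"},
        "router_A":   {"192.168.1.0/24": DELIVER, "192.168.2.0/24": "opnsense_A",
                       "10.8.0.0/24": "opnsense_A"},      # static route on router
        "host_A":     {"192.168.1.0/24": DELIVER, "0.0.0.0/0": "router_A"},
    }
    if a_knows_access_tunnel:
        # Network A's end of the site-to-site VPN also routes the access tunnel.
        tables["opnsense_A"]["10.8.0.0/24"] = "opnsense_B"
    return tables

def round_trip(tables):
    """Forward: VPN client to a host on LAN A. Return: that host's reply."""
    fwd = trace(tables, "client_C", "192.168.1.10")
    back = trace(tables, "host_A", "10.8.0.2")
    return fwd, back
```

Calling `round_trip(build_tables(False))` shows the request arriving on LAN A while the reply is dropped at the last hop that has no route for the tunnel network; with `build_tables(True)` both directions are delivered.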