OPNsense Forum

English Forums => Virtual private networks => Topic started by: keith@quikmart.com on January 04, 2025, 12:07:42 AM

Title: Spoke to Spoke communication
Post by: keith@quikmart.com on January 04, 2025, 12:07:42 AM
I have multiple remote locations. I have an OPNsense VPN connection to each remote location from our main office and it is working fine. However, I need to be able to communicate between spokes. How do I get spoke to spoke communication?
Title: Re: Spoke to Spoke communication
Post by: bartjsmit on January 04, 2025, 10:19:34 AM
Enable client-to-client in the miscellaneous options.
Title: Re: Spoke to Spoke communication
Post by: keith@quikmart.com on January 07, 2025, 04:46:32 AM
Thank you for the quick reply. However, I do not see the client-to-client option under miscellaneous.
Title: Re: Spoke to Spoke communication
Post by: bartjsmit on January 07, 2025, 08:23:13 AM
Do you use OpenVPN?
Title: Re: Spoke to Spoke communication
Post by: keith@quikmart.com on January 07, 2025, 06:05:32 PM
I am using IPsec VPN.
Title: Re: Spoke to Spoke communication
Post by: bartjsmit on January 08, 2025, 07:57:16 AM
AFAIK they are strictly point-to-point.
Title: Re: Spoke to Spoke communication
Post by: Patrick M. Hausen on January 08, 2025, 02:43:26 PM
You need to add the networks of all other remote offices to the phase 2 ("child") SA for each spoke.

So e.g.

Main office: 192.168.0.0/24
Remote 1: 192.168.1.0/24
Remote 2: 192.168.2.0/24
...

VPN for remote 1

Main - local: 192.168.0.0/24, 192.168.2.0/24, ..., remote: 192.168.1.0/24
Remote 1 - local: 192.168.1.0/24, remote: 192.168.0.0/24, 192.168.2.0/24, ...

HTH
Patrick
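
The selector layout from the reply above, generalized to any number of spokes, as an added example that is not part of the original thread. The function names and the site labels `remote1`/`remote2` are hypothetical; the script only computes and checks the phase 2 local/remote network lists and does not talk to OPNsense.

```python
import ipaddress

def phase2_selectors(hub, spokes):
    """For each spoke tunnel, return the local/remote networks of both ends."""
    nets = {"hub": ipaddress.ip_network(hub)}
    nets.update({name: ipaddress.ip_network(cidr) for name, cidr in spokes.items()})
    # Overlapping site networks make the selectors ambiguous, so reject them.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    plan = {}
    for name in spokes:
        # For this tunnel, every other site is reached through the main office.
        behind_hub = [str(n) for other, n in nets.items() if other != name]
        own = [str(nets[name])]
        plan[name] = {
            "hub": {"local": behind_hub, "remote": own},
            "spoke": {"local": own, "remote": behind_hub},
        }
    return plan

def covers(selectors, src, dst):
    """True if a packet src -> dst matches the local/remote network lists."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (any(s in ipaddress.ip_network(n) for n in selectors["local"])
            and any(d in ipaddress.ip_network(n) for n in selectors["remote"]))

def spoke_to_spoke(plan, a, src, b, dst):
    """The packet must match spoke a's SA, then the hub's SA towards spoke b."""
    return covers(plan[a]["spoke"], src, dst) and covers(plan[b]["hub"], src, dst)

if __name__ == "__main__":
    # Networks taken from the example in the thread.
    plan = phase2_selectors("192.168.0.0/24",
                            {"remote1": "192.168.1.0/24", "remote2": "192.168.2.0/24"})
    for site, ends in plan.items():
        for end, sel in ends.items():
            print(f"{site:8} {end:5} local={sel['local']} remote={sel['remote']}")
    print(spoke_to_spoke(plan, "remote1", "192.168.1.10", "remote2", "192.168.2.20"))
```

Selectors alone only let the traffic into the tunnels; firewall rules on each site still decide which spoke-to-spoke flows are permitted.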