OPNsense Forum

English Forums => General Discussion => Topic started by: Σουπεργιούζερ on March 28, 2016, 10:55:24 pm

Title: Is it possible to cascade VPNs (i.e. put multiple VPNs in a row)?
Post by: Σουπεργιούζερ on March 28, 2016, 10:55:24 pm
Hi everyone,

Is it possible to cascade VPNs?

Example:

Setup:
- Box 1 with WAN (Internet), LAN, DMZ. It is possible to enter the LAN from WAN through VPN.
- connected to LAN is Box 2 which sees the LAN of box 1 as its WAN. It has two own zones, e.g. WLAN and LAN2
- Box 2 shall only accept incoming traffic to its LAN2 from its WAN via VPN, let's call it VPN2

Task: A road warrior on the Internet wants to connect to LAN2.

Question: The road warrior would need to connect via VPN first to LAN of box 1 and then from there on to connect again via a second VPN tunnel to LAN2 of box 2, correct? Is that possible?

Thanks

Title: Re: Is it possible to cascade VPNs (i.e. put multiple VPNs in a row)?
Post by: bartjsmit on March 29, 2016, 08:30:23 pm
Yes, there shouldn't be an issue configuring a site-to-site VPN between the two firewalls. The second firewall needs to allow private IP ranges on its WAN interface and you'll need a static route on box 1 for LAN2. Push the same static route out to your road warriors (if they are using split tunnels).

Bart...
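
Added example, not part of either post: a small Python model of the three conditions named in the reply (route pushed to split-tunnel road warriors, static route on box 1 for LAN2, box 2 accepting private source addresses on its WAN). All subnets, addresses and next-hop labels are constructed assumptions, and the check is a planning aid, not OPNsense code.

```python
import ipaddress as ip

# Constructed addressing plan (assumptions, not values from the thread).
LAN1 = ip.ip_network("192.168.1.0/24")    # LAN of box 1, seen by box 2 as its WAN
LAN2 = ip.ip_network("192.168.2.0/24")    # network behind box 2
DEFAULT = ip.ip_network("0.0.0.0/0")
CLIENT = ip.ip_address("10.8.0.6")        # road warrior's tunnel address
TARGET = ip.ip_address("192.168.2.10")    # host in LAN2

def next_hop(routes, dst):
    """Longest-prefix match over {network: next_hop}; None when nothing matches."""
    hits = [net for net in routes if dst in net]
    return routes[max(hits, key=lambda net: net.prefixlen)] if hits else None

def check_path(client_routes, box1_routes, box2_wan_blocks_private,
               src=CLIENT, dst=TARGET):
    """List what stops a packet going road warrior -> box 1 -> box 2 -> LAN2."""
    problems = []
    if next_hop(client_routes, dst) != "vpn":
        problems.append("client: no route to LAN2 through the tunnel")
    if next_hop(box1_routes, dst) != "box2":
        problems.append("box 1: no static route for LAN2 towards box 2")
    if box2_wan_blocks_private and src.is_private:
        problems.append("box 2: WAN drops private source addresses")
    return problems

# Split-tunnel client that only received the route for LAN1.
split_before = {DEFAULT: "isp", LAN1: "vpn"}
split_after = {**split_before, LAN2: "vpn"}      # LAN2 route pushed as well
full_tunnel = {DEFAULT: "vpn"}                    # everything goes into the tunnel
box1_before = {DEFAULT: "wan", LAN1: "lan"}
box1_after = {**box1_before, LAN2: "box2"}       # static route added

if __name__ == "__main__":
    for name, args in [("before", (split_before, box1_before, True)),
                       ("after", (split_after, box1_after, False)),
                       ("full tunnel", (full_tunnel, box1_after, False))]:
        print(name, check_path(*args) or "reachable")
```

The full-tunnel case passes without a pushed LAN2 route because the client's default route already points into the tunnel, which is why the reply limits the push to split tunnels.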