Topic: Multiple IPSec VPNs with different firewall rules (Read 8459 times)
0xDEADC0DE
Newbie
Posts: 49
Karma: 1
Multiple IPSec VPNs with different firewall rules « on: April 15, 2017, 12:08:23 am »
I have my main office with address: 192.168.0.x/24
Office 2 with 192.168.10.x/24
Office 3 with 192.168.10.x/24
and one road warrior IPSec VPN.
How can I configure the road warrior VPN to have full access to the main office
and Office 2 and Office 3 only access to specific hosts and ports?
With ZyWALL I could configure different Zones for every VPN and assign different rules.
Here I have configured the rules based on the IP range for now, but with road warrior VPN, I don't know the IPs.
I couldn't find any good documentation or I missed it.
Thanks for your help.
« Last Edit: April 15, 2017, 09:52:14 pm by 0xDEADC0DE »
pbolduc
Newbie
Posts: 42
Karma: 4
Re: Multiple IPSec VPNs with different firewall rules « Reply #1 on: May 06, 2017, 06:15:08 pm »
Each remote site should be on its own separate subnet. For instance, office 2 & 3 should not be using the same network segment; this will cause a routing problem. I only know of Cisco that can handle this properly.
You need to ensure static routes are in place for your road warrior subnet to locate these other remote sites through the IPSec tunnel instead of through the default WAN gateway. You will also need static routes from the remote offices routing back to your road warrior VPN router endpoint through the IPSec tunnel.
Firewall policies need to be configured to allow this additional network traffic to come and go for each gateway interface through the existing IPSec tunnel.
Assuming your road warrior VPN endpoint is installed at the main office, the road warrior client will also require persistent static routes set up in the local routing table for office 2 & 3 to ensure traffic destined for remote offices goes through the VPN tunnel and not out the local device default gateway, as there isn't a direct connection from the road warrior device to these two remote networks (office 2 & 3).
« Last Edit: May 06, 2017, 07:17:34 pm by pbolduc »
0xDEADC0DE
Newbie
Posts: 49
Karma: 1
Re: Multiple IPSec VPNs with different firewall rules « Reply #2 on: May 28, 2017, 02:04:48 am »
I have changed Office 3
from 192.168.10.x/24
to 192.168.20.x/24
But still, how can I distinguish in the firewall rules between the different road warrior VPNs and the site2site VPNs?
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: Multiple IPSec VPNs with different firewall rules « Reply #3 on: May 28, 2017, 09:29:24 pm »
Use aliases perhaps?
https://docs.opnsense.org/manual/aliases.html
Bart...
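Added example, not part of the thread and not OPNsense configuration: a small Python model of the two points raised above, namely checking that tunnel networks do not overlap (Reply #1) and telling VPN sources apart by alias in first-match rules (Reply #3). The office subnets come from the thread; the road warrior pool 10.99.0.0/24, the host 192.168.0.10, port 443 and the modelled default deny are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Source networks per tunnel. Office subnets are from the thread;
# roadwarrior_pool is an assumed address pool handed to mobile clients.
SITES = {
    "main_office": "192.168.0.0/24",
    "office2": "192.168.10.0/24",
    "office3": "192.168.20.0/24",
    "roadwarrior_pool": "10.99.0.0/24",
}
# Destination alias for the one host the branch offices may reach (assumed).
HOSTS = {"main_web_host": "192.168.0.10/32"}

NETS = {n: ipaddress.ip_network(c) for n, c in {**SITES, **HOSTS}.items()}

# First-match rules: (source alias, destination alias, port or None, action).
RULES = [
    ("roadwarrior_pool", "main_office", None, "pass"),  # full access
    ("office2", "main_web_host", 443, "pass"),          # one host, one port
    ("office3", "main_web_host", 443, "pass"),
]

def overlapping(sites):
    """Return sorted pairs of site names whose networks overlap."""
    nets = {n: ipaddress.ip_network(c) for n, c in sites.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))

def evaluate(src, dst, port):
    """First matching rule wins; unmatched traffic is blocked in this model."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_alias, dst_alias, rule_port, action in RULES:
        if (s in NETS[src_alias] and d in NETS[dst_alias]
                and rule_port in (None, port)):
            return action
    return "block"

if __name__ == "__main__":
    # Original addressing from the first post: office 2 and 3 collide.
    print(overlapping({**SITES, "office3": "192.168.10.0/24"}))
    print(overlapping(SITES))
    print(evaluate("10.99.0.5", "192.168.0.77", 22))    # road warrior
    print(evaluate("192.168.20.4", "192.168.0.77", 22))  # office 3
```

With both offices on 192.168.10.0/24 a source alias cannot separate them, which is why the renumbering in Reply #2 has to come before any per-site rule.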