Topic: Hub and Spoke VPN (Read 1985 times)

Marvin (Newbie; Posts: 4; Karma: 0)
Hub and Spoke VPN « on: August 19, 2020, 09:56:56 pm »
Can OPNsense support Hub-and-Spoke VPN configuration?

bartjsmit (Hero Member; Posts: 2018; Karma: 194)
Re: Hub and Spoke VPN « Reply #1 on: August 19, 2020, 10:25:25 pm »
Yes, absolutely.
Someone may even be able to tell you how if you provide more details.
Bart...

Marvin (Newbie; Posts: 4; Karma: 0)
Re: Hub and Spoke VPN « Reply #2 on: August 20, 2020, 02:10:16 am »
We are trying to replace an old system that has been doing this for years (but is no longer supported or update-able).
This system uses only one wan interface (vtnet0). It runs 2 IPSec tunnels and routes traffic between them with NAT. One tunnel connects to a customer that insists on their remote side to be 10.0.0.0/8 and the devices we connect to are very non-contiguous. Obviously that 10.0.0.0/8 conflicts not only with our internal network structure but also conflicts with other customer VPN NATing we must do.
So our solution has been (for many years) to run a separate VPN device that only serves this customer. One IPSec tunnel to that customer with their 10.0.0.0/8 and one IPSec tunnel to our main system configured as we need it to be. Then the traffic is NATed, with both individual IP to individual IP and subnet to subnet, and passed between the tunnels.
I have attempted to replicate this setup with OPNsense. I can get both IPSec tunnels to run. But I cannot get traffic to NAT properly and route to the other tunnel. All ports are unchanged, only the IPs are mapped. Here is a very simplified drawing:

      IPSec to us                  NATing                     IPSec to them
(local)                                                          (remote)
172.100.1.0/24   <===> 172.100.1.0/24 <-> 192.168.100.0/24 <===> 192.168.100.0/24
(remote)                                                         (local)
172.200.10.32/28 <===> 172.200.10.34  <-> 10.1.30.17       <===> 10.0.0.0/8
                       172.200.10.35  <-> 10.1.42.6
                       172.200.10.36  <-> 10.8.98.16

Any help with this would be appreciated. Let me know if additional data would be useful.
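
An added example, not part of any post in this thread and not OPNsense code: a small Python model of the one-to-one address mapping drawn in Reply #2. It checks that each mapping pair is the same size, lies inside the tunnel networks from the drawing, and does not overlap another pair, then translates addresses in either direction. The names BINAT, US_SELECTORS, THEM_SELECTORS, validate and translate are assumptions made for the example, as is treating the tunnel networks as phase 2 selectors; the addresses are copied from the drawing.

```python
import ipaddress as ip

# Addresses copied from the drawing in Reply #2: (side facing "us", side facing "them").
BINAT = [
    ("172.100.1.0/24", "192.168.100.0/24"),   # subnet to subnet
    ("172.200.10.34/32", "10.1.30.17/32"),    # individual IP to individual IP
    ("172.200.10.35/32", "10.1.42.6/32"),
    ("172.200.10.36/32", "10.8.98.16/32"),
]
# Tunnel networks from the same drawing (assumed to be the phase 2 selectors).
US_SELECTORS = ["172.100.1.0/24", "172.200.10.32/28"]
THEM_SELECTORS = ["192.168.100.0/24", "10.0.0.0/8"]


def validate(binat, us_sel, them_sel):
    """Return a list of problems that would break a one-to-one mapping."""
    rules = [(ip.ip_network(a), ip.ip_network(b)) for a, b in binat]
    us = [ip.ip_network(n) for n in us_sel]
    them = [ip.ip_network(n) for n in them_sel]
    problems = []
    for i, (a, b) in enumerate(rules):
        if a.prefixlen != b.prefixlen:
            problems.append(f"{a} <-> {b}: sizes differ, mapping is not 1:1")
        if not any(a.subnet_of(s) for s in us):
            problems.append(f"{a}: outside every selector on the tunnel to us")
        if not any(b.subnet_of(s) for s in them):
            problems.append(f"{b}: outside every selector on the tunnel to them")
        for c, d in rules[:i]:
            if a.overlaps(c) or b.overlaps(d):
                problems.append(f"{a} <-> {b}: overlaps {c} <-> {d}")
    return problems


def translate(addr, binat, to_them=True):
    """Map one address across the NAT, keeping host bits; None if unmapped."""
    addr = ip.ip_address(addr)
    for a, b in binat:
        src, dst = ip.ip_network(a), ip.ip_network(b)
        if not to_them:
            src, dst = dst, src
        if addr in src:
            return str(dst.network_address + (int(addr) - int(src.network_address)))
    return None


if __name__ == "__main__":
    print(validate(BINAT, US_SELECTORS, THEM_SELECTORS) or "mapping is consistent")
    for a in ("172.200.10.35", "172.100.1.77", "172.200.10.37"):
        print(a, "->", translate(a, BINAT))
```

172.200.10.37 lies inside 172.200.10.32/28 but has no mapping in the drawing, so translate returns None for it.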

mimugmail (Hero Member; Posts: 6766; Karma: 494)
Re: Hub and Spoke VPN « Reply #3 on: August 20, 2020, 07:42:10 am »
Did you follow the binat guide on how to do NAT in IPsec with OPN?
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/