Site to Site SSL with multiple sites

Started by Julien, August 07, 2017, 08:12:21 PM

Dear All,
We have managed to configure a site-to-site OpenVPN server successfully.
Everything is working fine between Site A and Site B. The steps are here: https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html?highlight=vpn

Site A is the server and B is the client.
We are willing to connect Site C to the Site VPN A using the same shared key.
On the Site C firewall we added the client with the shared key from the Site A firewall; however, the tunnel is not up and running.
Is this even possible with OPNsense? Or do we have to create an SSL VPN for each site?

DEC4240 – OPNsense Owner

I managed to get this fixed;
we have to create a server for each tunnel.
DEC4240 – OPNsense Owner

Well the doc is using ovpn in peer to peer mode. So if you have A using port 1194 to exchange with B, C can't connect to A because it's busy.
You could use server mode for site A, in this case a single instance would be used to connect B and C. Not sure this is desirable in terms of design, A becomes a single point of failure and I'm unsure how it would react to option "client-to-client".
It's probably more advisable to add another peer-to-peer instance on site A dedicated to communicating with site C. An idle instance doesn't cost anything in itself.

August 08, 2017, 06:37:49 PM #3 Last Edit: August 08, 2017, 07:52:25 PM by Julien
I've got the idea already and managed to create a server for each site.
It works fine with a pre-shared key.
I am looking to get it working with TLS; I just can't seem to find a tutorial for this.
DEC4240 – OPNsense Owner
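
The layout the thread settles on, one peer-to-peer instance on site A per remote site, sketched as an added example (not code from the thread or from OPNsense). It emits plain OpenVPN directives rather than OPNsense GUI settings; the tunnel pool, LAN subnets and key file paths are constructed assumptions, and the example gives each tunnel its own static key file so that a key copied from one site does not open the other tunnel.

```python
import ipaddress

def plan_hub_instances(spokes, base_port=1194, tunnel_pool="10.10.0.0/24"):
    """Plan one peer-to-peer OpenVPN instance on the hub per spoke site.

    spokes maps a site name to its LAN subnet. Ports, the tunnel pool and
    key file paths are constructed sample values, not OPNsense defaults.
    """
    lans = {name: ipaddress.ip_network(lan) for name, lan in spokes.items()}
    names = sorted(lans)
    # Overlapping LANs would make the hub's routes ambiguous: refuse them.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if lans[a].overlaps(lans[b]):
                raise ValueError(f"LAN of {a} overlaps LAN of {b}")
    # Each instance gets its own /30 for the two tunnel endpoints.
    tunnels = ipaddress.ip_network(tunnel_pool).subnets(new_prefix=30)
    plans = {}
    for offset, name in enumerate(names):
        local, remote = next(tunnels).hosts()
        key = f"/etc/openvpn/keys/siteA-site{name}.key"  # hypothetical path
        plans[name] = {
            # A peer-to-peer instance serves one peer, so every spoke
            # needs its own listening port on the hub.
            "port": base_port + offset,
            "key": key,
            "config": "\n".join([
                "dev tun",
                "proto udp",
                f"port {base_port + offset}",
                f"ifconfig {local} {remote}",
                f"secret {key}",
                f"route {lans[name].network_address} {lans[name].netmask}",
                "keepalive 10 60",
            ]),
        }
    return plans

if __name__ == "__main__":
    sites = {"B": "192.168.2.0/24", "C": "192.168.3.0/24"}  # constructed
    for site, plan in plan_hub_instances(sites).items():
        print(f"# site A instance for site {site}\n{plan['config']}\n")
```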