Access to both networks from another openvpn connection

Hello all,

I have been using pfSense for a couple of years or so now. I use it to access my home network from remote. It works very well for what I need.

Recently, one of my sons set up a pfSense box for the same purpose.

Today, we decided to create a site to site vpn between the two pfSense boxes. This works and we can both access resources on the other’s network.

But, we would like to have access to both networks when we are connected from remote in our personal VPN. In our case, OpenVPN server 1 on both boxes connects on port 1194. The second OpenVPN server is the site to site VPN.

How or what do we need to do to make both networks available to each other’s remote connection? I am at a loss as to how to accomplish this. This would make a great tutorial video Tom (hint hint) haha

Any guidance would be greatly appreciated.

Joe

It takes some extra routing, but if you are using Wireguard for the site to site you should be able to add the extra routes from OpenVPN in. Not a setup I have tested.

If you have your two sites connected with say a peer-to-peer OpenVPN connection then it sounds like you are on at least different subnets.

You can set up an OpenVPN Remote Access Server at each site to access either network when you are on the road. Switching between the OpenVPN clients on your phone is easy enough. So you have access to one network, where all the traffic on your mobile is routed through the VPN.

If you do not route all your traffic through the VPN, you can state the remote network in OpenVPN. However, in your client on the road the internet traffic won’t be routed through the VPN.

I’m trying to solve this last bit myself, where ALL traffic is passed through the VPN AND the remote network can be accessed. I’m doing this in a VM but have not finished my build as it’s a bit involved. But I believe the solution is along the lines of pushing routes in OpenVPN under the custom configuration. There are probably a couple of ways of doing this, hence I’m testing this out in a VM rather than a live environment.

I should have described the networks a little better. I will try to clarify.

Network “A” (We will call Joe’s Network)

Local Network 192.168.10.0/24
OpenVPN on port 1194 with tunnel network 10.11.12.0/24 (For personal remote access)
OpenVPN on port 1195 with tunnel network 10.10.10.0/24 (site to site with Network “B” using a shared key and plays the server role.)

Network “B” (We will call this Zach’s Network)
Local Network 192.168.50.0/24
OpenVPN on port 1194 with tunnel network 10.20.30.0/24
OpenVPN on port 1195 with tunnel network 10.10.10.0/24 (site to site with Network “A” using shared key and plays the client role.)

Scenario 1:
I am connected to Network “A” using OpenVPN on tunnel network 10.11.12.0/24. I can connect to resources on Network “A” but resources on Network “B” are inaccessible.

Scenario 2:
I am connected on my office computer on the local network “A” 192.168.10.0/24. Resources from Network “A” are available and resources from Network “B” are available to me.

Scenario 3:
Zach is connected to Network “B” using OpenVPN on tunnel network 10.20.30.0/24. I can connect to resources on Network “B” but resources on Network “A” are inaccessible.

Scenario 4:
Zach is connected to a computer on the local network “B” 192.168.50.0/24. Resources from Network “B” are available and resources from Network “A” are available to him.

What I would like to do is:

If I am connected to Network “A” with OpenVPN tunnel network 10.11.12.0/24, I want to be able to access resources on both Network “A” 192.168.10.0/24 and Network “B” 192.168.50.0/24

I also want the same functionality for the other side.

If Zach is connected to Network “B” with OpenVPN tunnel network 10.20.30.0/24, he will need to be able to access resources on both Network “A” 192.168.10.0/24 and Network “B” 192.168.50.0/24

Does that clarify my situation?

Joe
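
Added example, not part of any post in this thread and not a configuration anyone here confirmed: a small Python planner that takes the subnets listed above and prints the OpenVPN `push "route ..."` and `route ...` lines each site would need so that a remote-access client gets a forward path to the other LAN and the other site has a return path to the client's tunnel network. The function names and the dictionary layout are assumptions made for the example.

```python
import ipaddress

# Subnets exactly as listed in the post above.
SITES = {
    "A": {"lan": "192.168.10.0/24", "remote_access": "10.11.12.0/24"},
    "B": {"lan": "192.168.50.0/24", "remote_access": "10.20.30.0/24"},
}

def as_route(cidr):
    """Convert CIDR to the 'network netmask' form OpenVPN's route option takes."""
    net = ipaddress.ip_network(cidr)
    return f"{net.network_address} {net.netmask}"

def check_no_overlap(sites):
    """Overlapping subnets make the routes ambiguous, so refuse to plan."""
    nets = [(f"{name}.{role}", ipaddress.ip_network(cidr))
            for name, site in sites.items() for role, cidr in site.items()]
    for i, (label_a, net_a) in enumerate(nets):
        for label_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                raise ValueError(f"{label_a} overlaps {label_b}")

def plan_routes(sites):
    """Return the extra directives per site and per OpenVPN instance."""
    check_no_overlap(sites)
    plan = {}
    for name in sites:
        peers = [s for n, s in sites.items() if n != name]
        plan[name] = {
            # Forward path: tell road-warrior clients that the other
            # site's LAN is reachable through this remote-access server.
            "remote_access_server": [
                f'push "route {as_route(p["lan"])}"' for p in peers],
            # Return path: this site must send replies for the other
            # site's remote-access tunnel network over the site to site link.
            "site_to_site_instance": [
                f'route {as_route(p["remote_access"])}' for p in peers],
        }
    return plan

if __name__ == "__main__":
    for site, sections in plan_routes(SITES).items():
        for section, lines in sections.items():
            for line in lines:
                print(f"site {site} / {section}: {line}")
```

Firewall rules on each OpenVPN interface still decide what the tunnel subnets may reach, so they can be scoped to only the hosts and ports each remote user needs on the other network.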

I figured I need some routing, but am not sure how to do it.

I am using two instances of OpenVPN. One for my mobile connection and the other instance for the shared key site to site vpn.

Thank you for your response.

Joe

I am battling with basically the same scenario.
My pfSense OpenVPN is running 2 servers. One is for the S2S connections to my sites; my sites are using Mikrotik routers and certs to connect, no problem.

My second OpenVPN server is for my Windows clients; they can access the pfSense network 100%, but can’t access my Mikrotik sites, which are all on different networks.

From my pfSense OpenVPN server, I can ping all the devices at all the sites.
For some reason the 2 OpenVPN servers on the same pfSense box aren’t allowing connectivity between the 2 networks.
I added 2 interfaces and allowed all traffic (firewall rules) for both OpenVPN servers but still no connectivity.
Remote networks are all added in the OpenVPN server (S2S) 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16, 10.4.0.0/16, 10.5.0.0/16, 10.6.0.0/16, 10.7.0.0/16.