Jeremy & Vick, I'm open to considering an IPSec if that's the best option for this use case. We're talking about 8 locations starting out, with a 9th office opening shortly thereafter, and the possibility of going up to a total of 15-20 sites within 1-2 years after that.
When I read https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site, I see that an OpenVPN setup with SSL/TLS would be the way to go. I didn't think I would have to setup a new server / port for each remote office. I thought that, with the SSL/TLS setup, I could have a single server and configure it so that clients can see & interact with each other. I have pfSense with OpenVPN in my own office, and seem to recall seeing this setting in the past. On Tue, Jun 7, 2016 at 8:02 PM, Vick Khera <vi...@khera.org> wrote: > On Tue, Jun 7, 2016 at 3:03 PM, David White <dmwhite...@gmail.com> wrote: > > > I know that this can be done, but I've never actually done it. Are there > > some good resources I can review, besides > > https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site > > > > ? For branch offices, > > > > If you can manage it, and the remotes are on static IPs, I'd suggest trying > IPSec. > > If you are going with OpenVPN, then you basically will need to set up one > "server" per remote, each on its own port number. I like to only open the > firewall to that port from the IP of the remote that will use it. Depending > on how many you have and how tight you want it, you could just make an > alias of all the ports and an alias of all the remote IPs and set up one > rule to allow all of that at one shot. > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- David White Founder & CEO 423-693-4234 @developCENTS <https://twitter.com/developcents> https://developcents.com *Develop CENTS* Computing, Equipping, Networking, Training & Supporting for small businesses and nonprofits Providing: Web Hosting, Technical Support & IT Consulting *Signup to our Newsletter at <https://developcents.com/contact>https://developcents.com/contact/ <https://developcents.com/contact/>* _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold