Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-25 Thread Chris L

> On Nov 22, 2017, at 9:34 AM, Ryan Coleman wrote:
> 
> I want to pass the entire traffic from a few locations through one master. 
> 
> I have one site working. But when I try to connect the second site it kills 
> the first.
> 
> I have IPSec for some basic network connections as a backup for the moment 
> that allows me to get to customer servers but I want to run all my traffic 
> because… Comcast. 
> 
> I have Gig Fiber at the headend, bandwidth is not an issue.
> 
> Does anyone have a tried/tested example of getting either OpenVPN full tunnel 
> working on a (multiple sites)-to-(one site) or an IPSec configuration example 
> that would allow for 100% routing? 
> 
> My guinea pig is my home network. I have one customer that is also on Comcast 
> that is using the full site-to-site tunnel and I cannot afford to drop during 
> store hours.
> 
> Thanks!
> 

If you are trying to use a server-mode connection (SSL/TLS with larger than a 
/30 tunnel network) and you are getting one connection, then the second kills 
the first, it sounds like you are trying to use the same credentials for each 
site but don’t have Duplicate Connections enabled on the server.

My suggestion would be to leave Duplicate Connections disabled and use discrete 
credentials for each site.



___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Eero Volotinen
Take a look at this how-to:

https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel

Adding a site is simple: just replicate site A with different LAN addressing.

Eero

2017-11-23 8:19 GMT+02:00 Eero Volotinen:

> Hi Ryan,
>
> IPsec is the way you want to go. We have multiple sites connecting to our HQ
> running an SG-8860 with a similar setup.
>
> Please note that you need different IP ranges on each site (for example
> site1: 192.168.2.0/24, site2: 192.168.3.0/24 and hq site with
> 192.168.4.0/24).
>
> --
> Eero
>
> 2017-11-22 19:34 GMT+02:00 Ryan Coleman:
>
>> I want to pass the entire traffic from a few locations through one master.
>>
>> I have one site working. But when I try to connect the second site it
>> kills the first.
>>
>> I have IPSec for some basic network connections as a backup for the
>> moment that allows me to get to customer servers but I want to run all my
>> traffic because… Comcast.
>>
>> I have Gig Fiber at the headend, bandwidth is not an issue.
>>
>> Does anyone have a tried/tested example of getting either OpenVPN full
>> tunnel working on a (multiple sites)-to-(one site) or an IPSec
>> configuration example that would allow for 100% routing?
>>
>> My guinea pig is my home network. I have one customer that is also on
>> Comcast that is using the full site-to-site tunnel and I cannot afford to
>> drop during store hours.
>>
>> Thanks!
>>
>> —
>> Ryan

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Eero Volotinen
Hi Ryan,

IPsec is the way you want to go. We have multiple sites connecting to our HQ
running an SG-8860 with a similar setup.

Please note that you need different IP ranges on each site (for example
site1: 192.168.2.0/24, site2: 192.168.3.0/24 and hq site with
192.168.4.0/24).

--
Eero

2017-11-22 19:34 GMT+02:00 Ryan Coleman:

> I want to pass the entire traffic from a few locations through one master.
>
> I have one site working. But when I try to connect the second site it
> kills the first.
>
> I have IPSec for some basic network connections as a backup for the moment
> that allows me to get to customer servers but I want to run all my traffic
> because… Comcast.
>
> I have Gig Fiber at the headend, bandwidth is not an issue.
>
> Does anyone have a tried/tested example of getting either OpenVPN full
> tunnel working on a (multiple sites)-to-(one site) or an IPSec
> configuration example that would allow for 100% routing?
>
> My guinea pig is my home network. I have one customer that is also on
> Comcast that is using the full site-to-site tunnel and I cannot afford to
> drop during store hours.
>
> Thanks!
>
> —
> Ryan

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Ryan Coleman
I’m doing keys… I figured that might be the root issue… 

Thanks! 

> On Nov 22, 2017, at 11:54 AM, Doug Lytle wrote:
> 
> >>> I have one site working. But when I try to connect the second site it 
> >>> kills the first.
> 
> I don't have anything written up, but I have this set up at home.  Three 
> remote sites connect to me.
> 
> You need to make sure you issue different certificates to each end point; if 
> you're sharing certs, you'll disconnect the first when trying to connect the 
> second.
> 
> Doug

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Doug Lytle
>>> I have one site working. But when I try to connect the second site it kills 
>>> the first.

I don't have anything written up, but I have this set up at home.  Three remote 
sites connect to me.

You need to make sure you issue different certificates to each end point; if 
you're sharing certs, you'll disconnect the first when trying to connect the 
second.

Doug
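
Chris L's and Doug Lytle's replies both describe the same failure mode: two sites presenting the same certificate, so each new connection drops the previous session. As an added example (not part of the thread), the Python below scans OpenVPN server log text for that pattern; the log lines are constructed samples, and the syslog prefix, common names and addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the thread). The syslog prefix, common
# names and addresses are assumptions; the message texts follow what an
# OpenVPN server logs when duplicate-cn is not enabled.
SAMPLE_LOG = """\
Nov 22 11:40:01 openvpn[4242]: 198.51.100.7:40112 [site-shared] Peer Connection Initiated with [AF_INET]198.51.100.7:40112
Nov 22 11:41:15 openvpn[4242]: 203.0.113.20:51820 [site-b] Peer Connection Initiated with [AF_INET]203.0.113.20:51820
Nov 22 11:42:30 openvpn[4242]: 192.0.2.33:38001 [site-shared] Peer Connection Initiated with [AF_INET]192.0.2.33:38001
Nov 22 11:42:30 openvpn[4242]: MULTI: new connection by client 'site-shared' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Nov 22 11:43:02 openvpn[4242]: 198.51.100.7:40150 [site-shared] Peer Connection Initiated with [AF_INET]198.51.100.7:40150
Nov 22 11:43:02 openvpn[4242]: MULTI: new connection by client 'site-shared' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
"""

PEER = re.compile(r"(\d+\.\d+\.\d+\.\d+):\d+ \[([^\]]+)\] Peer Connection Initiated")
DROP = re.compile(r"MULTI: new connection by client '([^']+)' will cause previous active sessions")


def shared_credentials(log_text):
    """Return {common_name: {"peers": [...], "drops": n}} for each CN that
    connected from more than one source address and caused session drops.
    A single site reconnecting from one address also logs the drop message,
    so a drop alone is not treated as evidence of a shared certificate."""
    peers = defaultdict(set)   # CN -> source addresses seen
    drops = defaultdict(int)   # CN -> count of "sessions dropped" messages
    for line in log_text.splitlines():
        m = PEER.search(line)
        if m:
            peers[m.group(2)].add(m.group(1))
            continue
        m = DROP.search(line)
        if m:
            drops[m.group(1)] += 1
    return {cn: {"peers": sorted(ips), "drops": drops[cn]}
            for cn, ips in peers.items()
            if len(ips) > 1 and drops[cn] > 0}


if __name__ == "__main__":
    for cn, info in shared_credentials(SAMPLE_LOG).items():
        print(f"{cn}: used from {info['peers']}, {info['drops']} session drop(s)")
```

A site whose WAN address changes between reconnects will also show more than one peer address, so a hit is a prompt to check which certificate each site was issued, not proof on its own.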


Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread WebDawg
I have done site-to-site VPNs and usually you have to add some static
routes and check firewall rules.

On Wed, Nov 22, 2017 at 11:34 AM, Ryan Coleman wrote:
> I want to pass the entire traffic from a few locations through one master.
>
> I have one site working. But when I try to connect the second site it kills 
> the first.
>
> I have IPSec for some basic network connections as a backup for the moment 
> that allows me to get to customer servers but I want to run all my traffic 
> because… Comcast.
>
> I have Gig Fiber at the headend, bandwidth is not an issue.
>
> Does anyone have a tried/tested example of getting either OpenVPN full tunnel 
> working on a (multiple sites)-to-(one site) or an IPSec configuration example 
> that would allow for 100% routing?
>
> My guinea pig is my home network. I have one customer that is also on Comcast 
> that is using the full site-to-site tunnel and I cannot afford to drop during 
> store hours.
>
> Thanks!
>
> —
> Ryan