Re: [pfSense] Multiple OpenVPNs (site to site) to one head end
> On Nov 22, 2017, at 9:34 AM, Ryan Coleman wrote:
>
> I want to pass the entire traffic from a few locations through one master.
>
> I have one site working. But when I try to connect the second site it kills
> the first.
>
> I have IPSec for some basic network connections as a backup for the moment
> that allows me to get to customer servers but I want to run all my traffic
> because… Comcast.
>
> I have Gig Fiber at the headend, bandwidth is not an issue.
>
> Does anyone have a tried/tested example of getting either OpenVPN full tunnel
> working on a (multiple sites)-to-(one site) or an IPSec configuration example
> that would allow for 100% routing?
>
> My guinea pig is my home network. I have one customer that is also on Comcast
> that is using the full site-to-site tunnel and I cannot afford to drop during
> store hours.
>
> Thanks!
>

If you are trying to use a server-mode connection (SSL/TLS with larger than a /30 tunnel network) and you are getting one connection then the second kills the first it sounds like you are trying to use the same credentials for each site but don’t have Duplicate Connections enabled on the server.

My suggestion would be to leave Duplicate Connections disabled and use discrete credentials for each site.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Multiple OpenVPNs (site to site) to one head end
Take a look at this how-to:
https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel

Adding a site is simple, just replicate site A with different LAN addressing.

Eero

2017-11-23 8:19 GMT+02:00 Eero Volotinen:

> Hi Ryan,
>
> Ipsec is the way you want to go. We have multiple sites connecting our HQ
> running sg-8860 with similar setup.
>
> Please note that you need different ip ranges on each site. (for example
> site1: 192.168.2.0/24, site2: 192.168.3.0/24 and hq site with
> 192.168.4.0/24)
>
> --
> Eero
>
> 2017-11-22 19:34 GMT+02:00 Ryan Coleman:
>
>> I want to pass the entire traffic from a few locations through one master.
>>
>> I have one site working. But when I try to connect the second site it
>> kills the first.
>>
>> I have IPSec for some basic network connections as a backup for the
>> moment that allows me to get to customer servers but I want to run all my
>> traffic because… Comcast.
>>
>> I have Gig Fiber at the headend, bandwidth is not an issue.
>>
>> Does anyone have a tried/tested example of getting either OpenVPN full
>> tunnel working on a (multiple sites)-to-(one site) or an IPSec
>> configuration example that would allow for 100% routing?
>>
>> My guinea pig is my home network. I have one customer that is also on
>> Comcast that is using the full site-to-site tunnel and I cannot afford to
>> drop during store hours.
>>
>> Thanks!
>>
>> —
>> Ryan
Re: [pfSense] Multiple OpenVPNs (site to site) to one head end
Hi Ryan,

Ipsec is the way you want to go. We have multiple sites connecting our HQ running sg-8860 with similar setup.

Please note that you need different ip ranges on each site. (for example site1: 192.168.2.0/24, site2: 192.168.3.0/24 and hq site with 192.168.4.0/24)

--
Eero

2017-11-22 19:34 GMT+02:00 Ryan Coleman:

> I want to pass the entire traffic from a few locations through one master.
>
> I have one site working. But when I try to connect the second site it
> kills the first.
>
> I have IPSec for some basic network connections as a backup for the moment
> that allows me to get to customer servers but I want to run all my traffic
> because… Comcast.
>
> I have Gig Fiber at the headend, bandwidth is not an issue.
>
> Does anyone have a tried/tested example of getting either OpenVPN full
> tunnel working on a (multiple sites)-to-(one site) or an IPSec
> configuration example that would allow for 100% routing?
>
> My guinea pig is my home network. I have one customer that is also on
> Comcast that is using the full site-to-site tunnel and I cannot afford to
> drop during store hours.
>
> Thanks!
>
> —
> Ryan
Re: [pfSense] Multiple OpenVPNs (site to site) to one head end
I’m doing keys… I figured that might be the root issue…

Thanks!

> On Nov 22, 2017, at 11:54 AM, Doug Lytle wrote:
>
> I have one site working. But when I try to connect the second site it kills the first.
>
> I don't have anything written up, but I have this set up at home. Three
> remote sites connect to me.
>
> You need to make sure you issue different certificates to each end point, if
> you're sharing certs, you'll disconnect the first when trying to connect the
> second.
>
> Doug
Re: [pfSense] Multiple OpenVPNs (site to site) to one head end
>>> I have one site working. But when I try to connect the second site it kills
>>> the first.

I don't have anything written up, but I have this set up at home. Three remote sites connect to me.

You need to make sure you issue different certificates to each end point, if you're sharing certs, you'll disconnect the first when trying to connect the second.

Doug
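
Added example, not part of the original thread or of pfSense: both the Duplicate Connections reply and the message above attribute the dropped tunnel to two sites sharing one certificate, and this sketch shows how to confirm that from the head-end OpenVPN log. The log lines are constructed and modelled on OpenVPN 2.x server output (an assumption); `shared_credentials` and the site names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample (syslog-style prefix assumed); addresses are documentation ranges.
SAMPLE_LOG = """\
Nov 22 11:40:01 openvpn[4242]: 198.51.100.7:41234 [site-a] Peer Connection Initiated with [AF_INET]198.51.100.7:41234
Nov 22 11:52:10 openvpn[4242]: 203.0.113.20:50111 [site-b] Peer Connection Initiated with [AF_INET]203.0.113.20:50111
Nov 22 11:55:37 openvpn[4242]: 192.0.2.44:38822 [site-a] Peer Connection Initiated with [AF_INET]192.0.2.44:38822
Nov 22 11:55:37 openvpn[4242]: MULTI: new connection by client 'site-a' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Nov 22 11:56:40 openvpn[4242]: 198.51.100.7:41290 [site-a] Peer Connection Initiated with [AF_INET]198.51.100.7:41290
Nov 22 11:56:40 openvpn[4242]: MULTI: new connection by client 'site-a' will cause previous active sessions by this client to be dropped.
"""

# Certificate common name (CN) and IPv4 peer address of each completed handshake.
PEER = re.compile(r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with \[AF_INET\](?P<ip>[\d.]+):\d+")
# Notice logged when a CN reconnects while its earlier session is still active.
DROP = re.compile(r"MULTI: new connection by client '(?P<cn>[^']+)' will cause previous active sessions")


def shared_credentials(log_text):
    """Return {cn: {"peers": [...], "drops": n}} for each CN seen from more than
    one peer address. Evictions alone are not reported: a single site that
    reconnects also produces them."""
    peers, drops = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        if (m := PEER.search(line)):
            peers[m["cn"]].add(m["ip"])
        elif (m := DROP.search(line)):
            drops[m["cn"]] += 1
    return {
        cn: {"peers": sorted(ips), "drops": drops[cn]}
        for cn, ips in peers.items()
        if len(ips) > 1
    }


if __name__ == "__main__":
    for cn, info in sorted(shared_credentials(SAMPLE_LOG).items()):
        print(f"{cn}: {info['drops']} evictions, peers {', '.join(info['peers'])}")
```

A site whose WAN address changes between reconnects also shows up with two peer addresses, so treat a hit as a prompt to check which certificate each site was issued.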
Re: [pfSense] Multiple OpenVPNs (site to site) to one head end
I have done site to site vpns and usually you have to add some static routes and check firewall rules.

On Wed, Nov 22, 2017 at 11:34 AM, Ryan Coleman wrote:

> I want to pass the entire traffic from a few locations through one master.
>
> I have one site working. But when I try to connect the second site it kills
> the first.
>
> I have IPSec for some basic network connections as a backup for the moment
> that allows me to get to customer servers but I want to run all my traffic
> because… Comcast.
>
> I have Gig Fiber at the headend, bandwidth is not an issue.
>
> Does anyone have a tried/tested example of getting either OpenVPN full tunnel
> working on a (multiple sites)-to-(one site) or an IPSec configuration example
> that would allow for 100% routing?
>
> My guinea pig is my home network. I have one customer that is also on Comcast
> that is using the full site-to-site tunnel and I cannot afford to drop during
> store hours.
>
> Thanks!
>
> —
> Ryan