[pfSense] OpenVPN - site to site questions

runinva at gmail.com runinva at gmail.com
Sun Feb 26 14:53:58 EST 2012 

Thanks for the insight. For VOIP traffic in my previous IPSec setup I
used a subnet mask of /23 at the main site where  the VOIP call
manager resided and /24 for all remote sites. That way the TCP VOIP
call setup was possible as well as direct UDP connections between
VOIPs at each remote site. Of course, all packets routed through the
main site as expected in a hub-spoke. All other services already
reside at the main site and are point to point to each remote site.
VOIP is the only service requiring direct communication between the
remote sites. In OpenVPN language I assume a similar setup of all VPNs
would not be bridged. I do not plan on multiple VLANs per site.



On Sun, Feb 26, 2012 at 9:35 AM, Christoph Hanle
<christoph.hanle at leinpfad.de> wrote:
> Hi,
>
> On 26.02.2012 07:10 runinva at gmail.com wrote:
>>
>> I am considering deploying pfSense using OpenVPN (site to site) to
>> interconnect a dozen offices to a main site. Each remote office will
>> have fewer than 10 connected IP devices. This setup may replace a
>> IPSec VPN's.  My questions:
>>
>> 3. Each of the remote sites needs to be able to route to each other
>> but through the main site (hub-spoke).  The primary need is because of
>> VOIP calls between the offices. Possible?
>
>
> Possible: yes.
> I have nearly the same challenge, but we expect to add 2 to 4 new offices
> each year. I am testing to solve the f** routing for H323 data stream by
> following manner:
> Central location gets an dedicated subnet for VOIP; each sublocation gets a
> dedicated VLAN for VOIP clients.
> An OpenVPN Tunnel will be done in bridged mode between the VOIP subnet on
> main location and each sublocation VOIP VLAN.
> I my scenario I only have to care about two tunnels and routes in each
> sublocation and at adding a new sublocation I do not have to touch all other
> firewalls at the other sublocations.
> I also can do a clean isolation of VOIP traffic and "standard office"
> traffic.
> maybe this helps for your further planning
>
> bye
> Christoph
>
>
>
>
> _______________________________________________
> List mailing list
> List at lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list

More information about the List mailing list