Thanks for the insight. For VOIP traffic in my previous IPSec setup I used a subnet mask of /23 at the main site where the VOIP call manager resided and /24 for all remote sites. That way the TCP VOIP call setup was possible as well as direct UDP connections between VOIPs at each remote site. Of course, all packets routed through the main site as expected in a hub-spoke. All other services already reside at the main site and are point to point to each remote site. VOIP is the only service requiring direct communication between the remote sites. In OpenVPN language I assume a similar setup of all VPNs would not be bridged. I do not plan on multiple VLANs per site.
On Sun, Feb 26, 2012 at 9:35 AM, Christoph Hanle <[email protected]> wrote:
> Hi,
>
> On 26.02.2012 07:10 [email protected] wrote:
>>
>> I am considering deploying pfSense using OpenVPN (site to site) to
>> interconnect a dozen offices to a main site. Each remote office will
>> have fewer than 10 connected IP devices. This setup may replace an
>> IPSec VPN. My questions:
>>
>> 3. Each of the remote sites needs to be able to route to each other
>> but through the main site (hub-spoke). The primary need is because of
>> VOIP calls between the offices. Possible?
>
> Possible: yes.
> I have nearly the same challenge, but we expect to add 2 to 4 new offices
> each year. I am testing to solve the f** routing for H323 data stream in
> the following manner:
> Central location gets a dedicated subnet for VOIP; each sublocation gets a
> dedicated VLAN for VOIP clients.
> An OpenVPN tunnel will be done in bridged mode between the VOIP subnet on
> main location and each sublocation VOIP VLAN.
> In my scenario I only have to care about two tunnels and routes in each
> sublocation and at adding a new sublocation I do not have to touch all other
> firewalls at the other sublocations.
> I also can do a clean isolation of VOIP traffic and "standard office"
> traffic.
> Maybe this helps for your further planning.
>
> bye
> Christoph
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
