Create tunnels in the following way:
mainoffice local subnet 10.0.0.0/8 to branchoffice local subnet lan subnet

This way all the traffic that goes to any 10.0.0.0/8 subnet is sent to the mainoffice. As the mainoffice has the tunnels to the other offices it will route it to the appropriate office. No static routes needed anywhere for this setup to work. If you need several subnets at the mainoffice or somewhere else you can calculate a smaller subnet than 10.0.0.0/8. You should make some plans before you start to build the complete VPN.

However as Bill mentioned a full mesh might be better especially if you plan to have a lot of offices connected. Traffic from one branchoffice to another one is using up bandwidth at the mainoffice though the traffic doesn't belong there.

Holger

> -----Original Message-----
> From: Rob Evers [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 27, 2006 9:27 AM
> To: [email protected]
> Subject: Re: [pfSense Support] Re: Routing and VPN tunnels
>
> Holger Bauer wrote:
> > You have either to sum up some subnets and use a larger subnetmask at the mainoffice or build parallel tunnels. If you tell me the 3 subnets of all locations I can tell you what's easier to do and how to do it. I have a 10 location setup that is running like this. All sublocations connected through the mainoffice. Routing won't help you across VPNs as the traffic won't match the tunneldefinition.
> >
> > Holger
>
> Hi Holger,
>
> The main office has 10.1.1.0/24 as subnet, the branch offices have 10.31.0.0/24 and 10.49.0.0/24. We have a lot more offices to connect but I guess if I can do two I can do the rest......
>
> thx!
> Rob
>
> --
> "Intellectual Property" is nowhere near as valuable as "Intellect"
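
Added example, not part of the original thread and not pfSense code: a small model of the tunnel-definition matching discussed above, using the three subnets from Rob's message. It compares the 10.0.0.0/8 hub definition Holger describes with tunnels defined only on the main office LAN. The site names, host addresses and first-match rule are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

MAIN_LAN = "10.1.1.0/24"                      # subnets from the thread
BRANCHES = {"branch31": "10.31.0.0/24",       # site names are hypothetical
            "branch49": "10.49.0.0/24"}

def build(hub_selector):
    """Hub-and-spoke tunnel set; hub_selector is the hub-side network
    used in every tunnel definition (local at the hub, remote at a branch)."""
    sites = {"main": {"lan": MAIN_LAN, "policies": []}}
    for name, lan in BRANCHES.items():
        sites["main"]["policies"].append((hub_selector, lan, name))
        sites[name] = {"lan": lan, "policies": [(lan, hub_selector, "main")]}
    return sites

def match(policies, src, dst):
    """Return the peer of the first tunnel whose local network contains src
    and whose remote network contains dst, or None if no definition matches."""
    s, d = ip_address(src), ip_address(dst)
    for local, remote, peer in policies:
        if s in ip_network(local) and d in ip_network(remote):
            return peer
    return None

def path(sites, start, src, dst):
    """Follow a packet from site to site. Returns the list of sites it
    crosses, or None when no tunnel definition matches at some hop."""
    hops, here = [start], start
    while ip_address(dst) not in ip_network(sites[here]["lan"]):
        nxt = match(sites[here]["policies"], src, dst)
        if nxt is None or nxt in hops:        # unmatched, or a loop
            return None
        hops.append(nxt)
        here = nxt
    return hops

SUPERNET = build("10.0.0.0/8")   # definition suggested in the reply above
NARROW = build(MAIN_LAN)         # tunnels defined on the main office LAN only

if __name__ == "__main__":
    for label, sites in (("10.0.0.0/8", SUPERNET), (MAIN_LAN, NARROW)):
        # constructed sample hosts in the two branch LANs
        print(label, path(sites, "branch31", "10.31.0.5", "10.49.0.7"))
```

With the narrow definitions the branch-to-branch packet matches no tunnel at the first hop, which is the "traffic won't match the tunneldefinition" case; with 10.0.0.0/8 it crosses the main office, which is the extra bandwidth use mentioned above.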
