Netgate Discussion Forum

    Sanity check: site-to-site VPN, with one site behind router?

      ryanswj

      Hi guys,

      I'm going to have to set up a pfSense VPN from a branch office to the main office.

      The branch office has an Internet connection that is provided by the landlord and we do not have any access to port forwarding on that router at all.

      The main office router is a pfSense box.

      Am I right to say that the IPsec site to site VPN will work? I just need to:

      • Enable NAT traversal

      • Not use an IP address as identifier (perhaps use DN as an alternative)

      • Have the branch office router establish the connection first (as the main office router wouldn't be able to reach the branch office router anyway)

      and all should be good?

      Thank you!

        CobraGT2000

        That should be good. I've got a few IPsec tunnels with the same setup as you without issues.

          jgraham5481

          Definitely maybe. Provided they're not blocking ports. I believe you will want to use "aggressive" and not "main", as it will allow phase 1 IP address changes.
