Static route via VPN - is this now possible?
-
Is it possible to create a static route to another network via VPN in version 2.2.6? I saw an old post linking to monowall saying that it wasn't (2006) and another post saying that IPSEC doesn't support routing.
https://forum.pfsense.org/index.php?topic=25248.0
https://forum.pfsense.org/index.php?topic=302.0
I have created static routes (via LAN) pointing to the remote LAN interfaces; however, when running a traceroute from a client machine, the route appears to be ignored and the traffic is routed via WAN on the local router.
Essentially I have remote offices communicating to a datacentre via VPN and all is good - they can communicate to head office individually but I would like to be able to route site to site via the head office.
All sites running pfsense.
Is OpenVPN the only solution - and/or are there any guides on site to site configuration using OpenVPN - Ipsec just seems to work so easily!
-
You don't use static routes to route additional networks over IPSec. You use additional Phase 2 entries.
-
I have approx 25 sites that I wish to route; wouldn't that add an insane amount of configuration?
Is something like this possible with pfsense - or would I be better to use OpenVPN?
http://blog.servercentral.com/bringing-sanity-to-routing-over-ipsec
-
You can't use static routes with normal tunnel mode IPsec. That link describes using transport mode with GRE and routing across that, which is possible.
-
So.. are we saying that setting up a multisite network with routing via IPSEC is possible (using multiple phase 2 entries) or a combination of GRE as described in the previous link?
However, is this best practice; is there a better way to achieve multisite routing with pfsense that's going to be better to manage/troubleshoot?
I'm not tied to IPSEC and all routers can run pfsense.
-
That GRE method is very interesting to me. First time I have seen it. Are there any MTU issues with it?
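
Added example, not part of the thread: a Python sketch of what the "additional Phase 2 entries" answer means for the 25-site case asked about above, counting the traffic selectors needed when site-to-site traffic goes via head office and showing a summarised alternative. The site names, the 10.1.x.0/24 addressing and the function names are assumptions made up for the illustration.

```python
import ipaddress

# Constructed sample addressing (assumption): head office plus 25 remote sites.
HUB_LAN = "10.1.0.0/24"
SPOKES = {f"site{n:02d}": f"10.1.{n}.0/24" for n in range(1, 26)}


def phase2_pairs(hub_lan, spokes):
    """One Phase 2 (local, remote) pair per remote network on each spoke's
    tunnel to the hub. The hub needs the mirrored pair for every entry."""
    plan = {}
    for name, lan in spokes.items():
        remotes = [hub_lan] + [l for n, l in spokes.items() if n != name]
        plan[name] = [(lan, remote) for remote in remotes]
    return plan


def covering_supernet(cidrs):
    """Smallest single network that contains every listed network."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen the prefix by one bit
    return candidate


def summarised_pairs(hub_lan, spokes):
    """One Phase 2 per spoke: remote selector is a supernet of all site LANs.
    Only works if the sites are numbered out of one summarisable block."""
    supernet = str(covering_supernet([hub_lan, *spokes.values()]))
    return {name: [(lan, supernet)] for name, lan in spokes.items()}


def total_entries(plan):
    return sum(len(pairs) for pairs in plan.values())


if __name__ == "__main__":
    explicit = phase2_pairs(HUB_LAN, SPOKES)
    summary = summarised_pairs(HUB_LAN, SPOKES)
    print("explicit Phase 2 entries:", total_entries(explicit))
    print("summarised Phase 2 entries:", total_entries(summary))
    print("site01 summarised selector:", summary["site01"][0])
```

With a supernet selector the tunnel policy also matches addresses that no site uses, so the firewall rules on the IPsec interface are what decide which sites can actually reach each other.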