Openvpn Site to Site + Roadwarrior

  • Hello everyone,
    My current setup is the following:
    Site to site OpenVPN managed by PFSense
    Lan subnet:
    Lan subnet:

    Connected via a tunnel

    I have a pool of addresses that are used by mobile remote users that connect via the SITE1 OpenVPN server (of course a second one, on the same pfSense box)

    When a remote user connects, they can see all the machines on the SITE 1 subnet, but cannot access SITE2 IPs.

    In a similar setup, but with IPSEC for the site to site part, I simply set up a second phase 2 with remote pool as local subnet on SITE1 and as remote subnet on SITE2.

    How can I make both subnets accessible to the remote user?

    Thank you in advance

  • Do a lot of visits and no replies mean that there isn't a reliable way to do this, or that I cannot explain my issue clearly? English is not my native language, so maybe it is not understandable.

    Thank you

  • LAYER 8 Netgate

    Just like you have to add another phase 2 in IPsec you have to tell the site-to-site servers about the other networks.

    The Remote Access has to have as a local network unless it has redirect gateway set.

    The site-to-site has to have set as a local network in the server or as a remote network in the client if using PSK.

  • But… The site to site is OpenVPN too and doesn't have phases (as far as I know). The mixed OpenVPN-IPsec is another setup, in another network that is not connected to this one, that I brought up as an example of a working setup.

  • You have to add site 2's LAN to the "IPv4 Local network(s)" of the roadwarrior settings for pushing this route to the clients.

  • At a high level:

    • You need to push the Site 2 Lan subnet ( to your clients in the roadwarrior's OpenVPN config

    • You need to add a route for the roadwarrior's tunnel network ( in the Site 2 OpenVPN config
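
The two routing changes described in the replies above, written out as the OpenVPN directives they correspond to. This is an added example, not configuration from the thread or from pfSense itself; the three subnets are constructed placeholders from the RFC 5737 documentation ranges, because the real ones are not shown on the page.

```conf
# Constructed placeholder subnets (assumptions, not the poster's values):
#   Site 1 LAN                 192.0.2.0/24
#   Site 2 LAN                 198.51.100.0/24
#   Roadwarrior tunnel network 203.0.113.0/24

# --- Site 1: roadwarrior (remote access) server ---
# In pfSense these come from "IPv4 Local network(s)"; each entry
# becomes a route pushed to the connecting client.
server 203.0.113.0 255.255.255.0
push "route 192.0.2.0 255.255.255.0"       # Site 1 LAN (already reachable)
push "route 198.51.100.0 255.255.255.0"    # Site 2 LAN (the route that was missing)

# --- Site 1: site-to-site server, SSL/TLS mode ---
# Listing the roadwarrior tunnel network as a local network here pushes
# it to Site 2, so Site 2 knows where to send the replies.
push "route 192.0.2.0 255.255.255.0"
push "route 203.0.113.0 255.255.255.0"

# --- Site 2: site-to-site client, shared key (PSK) mode ---
# push/pull is not available with a shared key, so the client carries
# the routes itself ("IPv4 Remote network(s)" in pfSense).
route 192.0.2.0 255.255.255.0
route 203.0.113.0 255.255.255.0
```

Only one of the two site-to-site variants applies to a given tunnel, depending on whether it runs in SSL/TLS or shared key mode. Pushing just the subnets remote users actually need keeps their reach into Site 2 no wider than intended.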