VPN for multiple sites and subnets
I am trying to determine if pfSense is a viable firewall solution for the company that I work for.
We have a head office with two branch offices. We have at least two subnets that need to be tunneled from head office to each branch office. The first subnet is dedicated to a POS network, and the second subnet is dedicated to a Windows domain, with the PDC residing at head office.
Supposing that pfsense is installed at each location, how would one implement the site to site VPNs? Would there be any benefits of using OpenVPN over IPSec?
Any thoughts? Would something like this work? https://blog.monstermuffin.org/tunneling-specific-traffic-over-a-vpn-with-pfsense/
I am still setting up our pfSense at the moment and still learning. But I would assume, that as long as the switches can handle the VLAN traffic, you just need to set up the right routing rules in pfSense to cope with it.
Ours is cleanly routing our VLAN traffic internally at the moment, but we haven't rolled out pfSense to the remote site yet, so I can't test sending subnets / VLAN traffic over the VPN connection.
OpenVPN is very easy to configure. I am currently configuring just client VPN access and, apart from a wierd certificate problem (see separate thread), it is very easy to configure and with the add-on for generating pre-configured packets, it is very easy to set up the VPN tunnel on the clients.
OpenVPN is more flexible in routing, NAT, etc.
IPsec generally performs better at higher speeds.
Both will securely transport multiple subnets to and from the mothership.