Netgate Discussion Forum

    VPN for multiple sites and subnets

      A Former User

      I am trying to determine if pfSense is a viable firewall solution for the company that I work for.

      We have a head office with two branch offices. We have at least two subnets that need to be tunneled from head office to each branch office. The first subnet is dedicated to a POS network, and the second subnet is dedicated to a Windows domain, with the PDC residing at head office.

      Supposing that pfSense is installed at each location, how would one implement the site-to-site VPNs? Would there be any benefits of using OpenVPN over IPsec?

        A Former User

        Any thoughts? Would something like this work? https://blog.monstermuffin.org/tunneling-specific-traffic-over-a-vpn-with-pfsense/

          big_D

          I am still setting up our pfSense at the moment and still learning. But I would assume that, as long as the switches can handle the VLAN traffic, you just need to set up the right routing rules in pfSense to cope with it.

          Ours is cleanly routing our VLAN traffic internally at the moment, but we haven't rolled out pfSense to the remote site yet, so I can't test sending subnets / VLAN traffic over the VPN connection.

          OpenVPN is very easy to configure. I am currently configuring just client VPN access and, apart from a weird certificate problem (see separate thread), it is very easy to configure, and with the add-on for generating pre-configured packets, it is very easy to set up the VPN tunnel on the clients.

            Derelict LAYER 8 Netgate

            OpenVPN is more flexible in routing, NAT, etc.

            IPsec generally performs better at higher speeds.

            Both will securely transport multiple subnets to and from the mothership.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.