PfSense as openVPN server and another pfSense as client, intersite routing how?



  • I have two pfsense routers. One is behind a SOHO router which is not controlled by me.
    I have managed to get the router2 behind the Soho router to connect to the main router at main office using some guides about connecting to "VPN-server-service".

    The PCs behind router2 can ping PCs on main network, but how do I set up the two routers so PCs at main office can ping/connect to PCs at branch office while the tunnel is up? I understand that if tunnel is down, it's not possible.

    I think I will have to disable NAT in router2 and set up some routing? But how, and how to do it in the main router?

    I attach a Picture of the network.



  • If you are able to access from one to the other site it should also work in the other direction.

    Check if the access is permitted by the firewall rules of LAN interface on the main office pfSense and on OpenVPN interface of the branch office router.

    Also consider that the PCs' firewall can block the access.



  • Hi

    Thanks for your answer but not sure you understand how it is done.

    Since the Router2 is behind some router and doesn't have a public IP I cannot use a traditional LAN to LAN tunnel. I had the Router2 set up as a client for OpenVPN. Like a regular PC would be.

    There is an extra interface set up in Router2 that acts as the "dial-up" interface for the VPN and the rules there were any any.

    I'm pretty sure this is something about NAT and routing setup. Not sure how to set that up :-(



  • There's no need for a public IP on the vpn client. It just has to be able to reach the server on its set protocol + IP + port.

    The routing is set by OpenVPN and depends on your setup. There's no NAT needed to get access from LAN to remote LAN.

    Please post your VPN settings of both sites.



  • Hi,

    I solved it!

    I had made it more complicated than it should have been! :D

    I followed the documentation and set up another server on another port. A peer-to-peer server, then you could specify the "client" network and then the routing got solved by itself.

    It works flawlessly now :-) I just love pfSense more every day :P

    Thanks for your concern and fast answers! :-)
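
What specifying the "client" network on a peer-to-peer server amounts to in plain OpenVPN terms, as an added example that is not from the thread and is not pfSense-generated output: each end of the point-to-point tunnel carries a `route` for the other site's LAN, so traffic is routed in both directions without NAT. All addresses, the port, the host name and the file names are constructed placeholders.

```conf
# Constructed addressing (assumptions, not from the thread):
#   main office LAN    192.168.10.0/24
#   branch office LAN  192.168.20.0/24
#   tunnel endpoints   10.0.8.1 (main) and 10.0.8.2 (branch)

# ---------- main office: listening side ----------
dev tun
proto udp
port 1195                          # second instance on its own port
tls-server                         # TLS point-to-point, not a multi-client remote-access server
ifconfig 10.0.8.1 10.0.8.2         # local endpoint, then remote endpoint
route 192.168.20.0 255.255.255.0   # the "client" network: branch LAN goes into the tunnel
ca   ca.crt
cert main.crt
key  main.key
dh   dh.pem
keepalive 10 60

# ---------- branch office: connecting side (behind the SOHO router) ----------
dev tun
proto udp
remote vpn.example.com 1195        # only outbound reachability to the server is needed
nobind                             # no fixed local port; works from behind the upstream NAT
tls-client
ifconfig 10.0.8.2 10.0.8.1
route 192.168.10.0 255.255.255.0   # main office LAN goes into the tunnel
ca   ca.crt
cert branch.crt
key  branch.key
keepalive 10 60
```

The routes only deliver the packets. Firewall rules on the OpenVPN and LAN interfaces of both routers still have to permit the traffic, as pointed out earlier in the thread.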