Netgate Discussion Forum
    2000 Sites to Connect via VPN to AWS

    • spikeee

      Hi all,

      I'm embarking on a huge task - to connect 2000 physical (geographically separate) sites to 1 single VPN network in Amazon Web Services.

      Some information :

      • each site has a router (differs based on the ISPs that each site subscribes to)
      • we essentially need all 2000 sites to be connected to the same network in AWS to connect to a few virtual machines

      My questions:

      1. Can pfSense have 2000 simultaneous clients connecting back in?
      2. What's the best method to achieve this?

      We actually need assistance on this urgently; hope some expert can help me out here.

      • jahonix

        Consider professional help for this task  https://www.netgate.com/our-services/professional-services.html
        Additional challenges may occur if those 2000 sites are from different AWS regions (e.g. globally).

        • jahonix

          @spikeee:

          We actually need assistance on this urgently

          Give the netgate staff a call!
          A forum can hardly do that in a timely manner.

          • spikeee

            Hi guys, thanks for your suggestions.

            We are currently still in a planning phase, hence I'm asking these questions.
            All 2000 sites are from one country but all across one nation, that will connect to the Singapore AWS datacenter.

            Just wondering if it's even possible to do this with pfSense's AWS Marketplace solution.

            • jahonix

              Ask the ones who built it  ^

              Oops, for unknown reasons the link within my first post is gone.
              https://www.netgate.com/our-services/professional-services.html

              • spikeee

                Hi all,

                Sorry for the bother - I've managed to get the connectivity up.

                My client (on premise) is able to ping the AWS servers through the VPN tunnel.
                Unfortunately, I am unable to ping from the server side to the client.

                I'm guessing it has to do with the routing table.
                Does anyone know where we can access the OpenVPN routing table?

                • dbennett

                  Double check the outbound NAT Rules and your OpenVPN rules.  You might also need to ALLOW inbound ping replies.

                  • viragomann

                    Are you trying to reach the client end point device or a network behind the client?

                    For accessing the client device you will need to open up its firewall.

                    If you want to access a network behind the client you will need VPN routes in addition.
                    Is it an SSL/TLS OpenVPN or a shared key?

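The "VPN routes" mentioned in the last reply, as an added example that is not part of the original thread: assuming an SSL/TLS multi-client OpenVPN server, each site LAN needs a `route` line on the server and an `iroute` line in that client's `client-config-dir` file, and with many sites it pays to generate them and reject overlapping subnets. The site names, subnets, tunnel network and server LAN below are constructed assumptions.

```python
import ipaddress

# Constructed sample data: certificate common name -> LAN behind that site.
SITES = {
    "site-0001": "10.100.1.0/24",
    "site-0002": "10.100.2.0/24",
    "site-0003": "10.100.3.0/24",
}
TUNNEL_NET = "10.8.0.0/20"    # assumed tunnel network (room for 2000+ clients)
SERVER_LAN = "172.31.0.0/16"  # assumed AWS-side network behind the server


def directive(keyword, net):
    """Render 'route'/'iroute' with the dotted netmask OpenVPN expects."""
    return f"{keyword} {net.network_address} {net.netmask}"


def build_routes(sites, tunnel_net=TUNNEL_NET, server_lan=SERVER_LAN):
    """Return (server 'route' lines, {common name: ['iroute' line]}).

    Raises ValueError if a site LAN overlaps another site, the tunnel
    network or the server LAN, since such routes would be ambiguous.
    """
    reserved = {
        "tunnel": ipaddress.ip_network(tunnel_net),
        "server LAN": ipaddress.ip_network(server_lan),
    }
    seen = {}  # network -> common name that owns it
    server_lines, per_client = [], {}
    for cn, cidr in sorted(sites.items()):
        net = ipaddress.ip_network(cidr)  # strict: rejects host bits set
        for label, other in reserved.items():
            if net.overlaps(other):
                raise ValueError(f"{cn}: {net} overlaps {label} {other}")
        for other, owner in seen.items():
            if net.overlaps(other):
                raise ValueError(f"{cn}: {net} overlaps {owner} ({other})")
        seen[net] = cn
        server_lines.append(directive("route", net))   # kernel route on server
        per_client[cn] = [directive("iroute", net)]    # file named after the CN
    return server_lines, per_client


if __name__ == "__main__":
    server, clients = build_routes(SITES)
    print("\n".join(server))
    for cn, lines in clients.items():
        print(f"# client-config-dir/{cn}\n" + "\n".join(lines))
```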