2000 Sites to Connect via VPN to AWS



  • Hi all,

    I'm embarking on a huge task: to connect 2000 physical (geographically separate) sites to a single VPN network in Amazon Web Services.

    Some information:

    • each site has a router (differs based on the ISPs that each site subscribes to)
    • we essentially need all 2000 sites to be connected to the same network in AWS to connect to a few virtual machines

    My questions:

    1. Can pfSense have 2000 simultaneous clients connecting back in?
    2. What's the best method to achieve this?

    We actually need assistance on this urgently; I hope some expert can help me out here.



  • Consider professional help for this task: https://www.netgate.com/our-services/professional-services.html
    Additional challenges may occur if those 2000 sites are from different AWS regions (e.g. globally).



  • @spikeee:

    We actually need assistance on this urgently

    Give the netgate staff a call!
    A forum can hardly do that in a timely manner.



  • Hi guys, thanks for your suggestions.

    We are currently still in a planning phase, hence I'm asking these questions.
    All 2000 sites are in one country, but spread all across that nation, and will connect to the Singapore AWS datacenter.

    Just wondering if it's even possible to do this with pfSense's AWS marketplace solution.



  • Ask the ones who built it  ^

    Oops, for unknown reasons the link within my first post is gone.
    https://www.netgate.com/our-services/professional-services.html



  • Hi all,

    Sorry for the bother; I've managed to get the connectivity up.

    My client (on-premises) is able to ping the AWS servers through the VPN tunnel.
    Unfortunately, I am unable to ping from the server side to the client.

    I'm guessing it has to do with the routing table.
    Does anyone know where we can access the OpenVPN routing table?



  • Double-check the outbound NAT rules and your OpenVPN rules. You might also need to ALLOW inbound ping replies.



  • Are you trying to reach the client end point device or a network behind the client?

    For accessing the client device you will need to open up its firewall.

    If you want to access a network behind the client you will need VPN routes in addition.
    Is it an SSL/TLS OpenVPN or a shared key?
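The two things the last reply asks about (routes for a network behind a client, and where OpenVPN keeps its own routing table) are shown below in an added example that is not code from the thread, from Netgate or from the pfSense project. It assumes hypothetical addressing: a 10.8.0.0/16 tunnel network and branch site N using LAN 10.101.N.0/24; the common name site0001 and the status-file contents are constructed for illustration, and the ccd directory is whatever path the server's client-config-dir points at.

```shell
#!/bin/sh
# Added example, not from the thread or from pfSense/Netgate. Assumed
# (hypothetical) addressing: tunnel network 10.8.0.0/16, branch site N uses
# LAN 10.101.N.0/24. A /24 tunnel network holds only ~250 clients, so a hub
# for 2000 sites needs a larger tunnel network than the usual /24.

# For replies to reach a LAN behind a client, two entries must exist on the
# server: a kernel 'route' so traffic for that LAN is sent into the tun
# interface, and an 'iroute' in the client's ccd file so OpenVPN knows which
# client session owns that LAN. In pfSense, the "Remote Network(s)" field of a
# Client Specific Override is what produces both.
site_routes() {
    cn=$1; lan=$2; mask=$3
    printf 'route %s %s\n' "$lan" "$mask"       # goes in the server config
    printf 'iroute %s %s\n' "$lan" "$mask"      # goes in ccd/<cn>
}

# Write the ccd file for one branch into directory $1 and print its path.
write_ccd() {
    ccd_dir=$1; cn=$2; lan=$3; mask=$4
    mkdir -p "$ccd_dir"
    printf 'iroute %s %s\n' "$lan" "$mask" > "$ccd_dir/$cn"
    printf '%s\n' "$ccd_dir/$cn"
}

# OpenVPN's internal routing table (tunnel IPs and iroute networks mapped to
# the client that owns them) is written to the server status file; pfSense
# shows the same data under Status > OpenVPN. Print the ROUTING TABLE section
# of such a file as "address common_name" pairs.
ovpn_routing_table() {
    awk -F, '
        /^ROUTING TABLE/ { in_rt = 1; next }
        /^GLOBAL STATS/  { in_rt = 0 }
        in_rt && !/^Virtual Address/ { print $1, $2 }
    ' "$1"
}

# Constructed sample status file (not a real capture) for one connected site.
sample_status() {
    cat <<'EOF'
OpenVPN CLIENT LIST
Updated,Thu Jun 18 08:12:15 2020
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
site0001,203.0.113.10:1194,1234,5678,Thu Jun 18 08:00:00 2020
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,site0001,203.0.113.10:1194,Thu Jun 18 08:12:10 2020
10.101.1.0/24,site0001,203.0.113.10:1194,Thu Jun 18 08:12:10 2020
GLOBAL STATS
Max bcast/mcast queue length,0
END
EOF
}

# Succeeds if the status file has an entry for the given network. If a site's
# LAN is missing here, its 'iroute' never applied and server-side replies to
# that LAN will not be delivered to the client session.
has_route() {
    ovpn_routing_table "$1" | awk -v want="$2" '$1 == want { found = 1 } END { exit !found }'
}

if [ "${1:-}" = "demo" ]; then
    site_routes site0001 10.101.1.0 255.255.255.0
    tmp=$(mktemp); sample_status > "$tmp"
    ovpn_routing_table "$tmp"
    has_route "$tmp" 10.101.1.0/24 && echo "site0001 LAN is routed"
    rm -f "$tmp"
fi
```

Run with `sh script.sh demo`. If the network shows up in the routing table and pings from the AWS side still fail, the remaining suspects are the ones the earlier replies name: the firewall rule on the client's OpenVPN interface, and a client-side outbound NAT rule translating traffic that enters the tunnel.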