Routing between OpenVPN Clients / Headquarter / Site-to-Site

  • I have a fully working scenario as follows:

    • Headquarter (site A): LAN, pfSense LAN Firewall (, 1xWAN Interface, OpenVPN Server to enable 50 Mobile PC Connections via Client Software computers (IP class, firewall has IP) and a Site-to-Site OpenVPN Server (IP class to enable a bidirectional communication with a remote location (site B).
    • Remote location (site B): LAN, pfSense LAN Firewall (, 1xWAN interface, OpenVPN Client (Firewall OpenVPN IP to enable bidirectional communication with Headquarter (Firewall OpenVPN server IP
      from Headquarter LAN I can reach both OpenVPN clients,

    What I need now is to be able to reach the network with IP class from the network with IP class and vice versa. How can I do this?

    Thanks for help.

    PS: pfSense is at the latest version.

  • On site B site-to-site settings add to the "Remote Networks" to get the traffic routed over the vpn.
    On site A in access server settings add to the "Local Networks" to get the route for this network pushed to the clients.

    For the site-to-site vpn you should have assigned interfaces at both sites.
    Ensure that your firewall rules allow the access between the networks.

  • I was trying what you suggested but I have a problem. After applying the first two configurations everything continues working well, but when I try to assign interfaces in site A, adding firewall rules, the communication between site A and site B stops, even if the VPN is up.
    Can you suggest more specifically what I have to do? Can you tell me on which interface I have to configure firewall rules?

    Thank you

  • Just assign an interface to the OpenVPN site-to-site server at A, open the interface settings and enable it. You may also set a name if you like, but do no further configuration, no IP settings!
    Also assign an interface to the openvpn client at B this way.

    Consider that firewall rules on the interfaces control incoming traffic. So if you want to allow access from site B LAN to A LAN, you need a firewall rule on the LAN interface at B which allows the traffic, and you also need a rule on the newly added VPN interface at A allowing the traffic.
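
The "rules control incoming traffic" point from the last reply, as an added example that is not part of the thread or of pfSense itself: a simplified model that checks a new connection against the inbound rules of each interface it enters, first match wins, default deny. The subnets are constructed placeholders (the thread's real networks are not shown) and the interface names are hypothetical.

```python
import ipaddress

# Constructed placeholder networks (documentation ranges), not the thread's real subnets.
SITE_A_LAN = ipaddress.ip_network("192.0.2.0/24")
SITE_B_LAN = ipaddress.ip_network("198.51.100.0/24")
MOBILE_VPN = ipaddress.ip_network("203.0.113.0/24")

def allowed(rules, src, dst):
    """First-match evaluation of one interface's inbound rules; no match means deny."""
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action == "pass"
    return False

def trace(path, src, dst):
    """Check the first packet of a connection at every interface it enters.

    Returns (delivered, name_of_blocking_interface). Replies are not modelled:
    a stateful firewall lets them back through the state the first packet created.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, rules in path:
        if not allowed(rules, src, dst):
            return False, name
    return True, None

# Hypothetical rule sets, one list per interface tab.
B_LAN = [("pass", SITE_B_LAN, SITE_A_LAN)]
A_S2S = [("pass", SITE_B_LAN, SITE_A_LAN)]
A_MOBILE = [("pass", MOBILE_VPN, SITE_A_LAN), ("pass", MOBILE_VPN, SITE_B_LAN)]
B_S2S_NARROW = [("pass", SITE_A_LAN, SITE_B_LAN)]  # forgets the mobile client subnet
B_S2S_FIXED = B_S2S_NARROW + [("pass", MOBILE_VPN, SITE_B_LAN)]

def b_lan_to_a_lan(a_vpn_rules):
    # B LAN host -> enters B's LAN interface -> tunnel -> enters A's assigned VPN interface.
    return trace([("B:LAN", B_LAN), ("A:S2S_VPN", a_vpn_rules)],
                 "198.51.100.10", "192.0.2.20")

def mobile_to_b_lan(b_vpn_rules):
    # Mobile client -> enters A's access-server interface -> tunnel -> enters B's VPN interface.
    return trace([("A:MOBILE_VPN", A_MOBILE), ("B:S2S_VPN", b_vpn_rules)],
                 "203.0.113.5", "198.51.100.10")

if __name__ == "__main__":
    print(b_lan_to_a_lan(A_S2S))          # rule present on both interfaces
    print(b_lan_to_a_lan([]))             # assigned interface enabled but left without rules
    print(mobile_to_b_lan(B_S2S_NARROW))  # site B only admits site A's LAN as source
    print(mobile_to_b_lan(B_S2S_FIXED))
```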