<![CDATA[Multiple Site to Site and routing]]>Hey everyone,

I have about 4 site to site VPN IPSec connections setup.

My main site is cloud hosted using a pfSense 2.4.4 image and connects to my clients' site for remote monitoring and management

I have a pfSense at my home office that connects to my cloud hosted pfSense.

What I want to do is to route traffic from my home office to my cloud server then reach my clients' networks.

Is this possible to do and how?

I've included a diagram

Apologies for the duplicate post. I have posted this orginally in the incorrect pfSense forum.

Thanks!

0_1541539710594_VPN routing.jpg

]]>https://forum.netgate.com/topic/137495/multiple-site-to-site-and-routingRSS for NodeMon, 08 Jun 2026 17:04:31 GMTTue, 06 Nov 2018 21:28:45 GMT60<![CDATA[Reply to Multiple Site to Site and routing on Wed, 14 Nov 2018 04:14:36 GMT]]>So if I did this right this is what I did but it is not working.

The following was added to the customer's pfSense.

0_1542168612801_Screen Shot 2018-11-10 at 12.09.43 PM.png

I added this to my Home Office pfSense

0_1542168832712_Screen Shot 2018-11-10 at 12.07.45 PM.png

Nothing was added to the Cloud pfSense but no luck.

Any thoughts?

]]>https://forum.netgate.com/post/804624https://forum.netgate.com/post/804624Wed, 14 Nov 2018 04:14:36 GMT<![CDATA[Reply to Multiple Site to Site and routing on Thu, 08 Nov 2018 17:42:12 GMT]]>Yes. That is one way to do it. The customer sites need to know to send the traffic to your home network via IPsec. Another phase 2 will do that.

]]>https://forum.netgate.com/post/803326https://forum.netgate.com/post/803326Thu, 08 Nov 2018 17:42:12 GMT<![CDATA[Reply to Multiple Site to Site and routing on Thu, 08 Nov 2018 14:53:59 GMT]]>@derelict Just re-reading this.

Did you mean I should create additional P2 networks between client A and my home device or on the pfSense that is cloud hosted?

]]>https://forum.netgate.com/post/803236https://forum.netgate.com/post/803236Thu, 08 Nov 2018 14:53:59 GMT<![CDATA[Reply to Multiple Site to Site and routing on Wed, 07 Nov 2018 13:52:10 GMT]]>No, they are not averse to this.

]]>https://forum.netgate.com/post/802877https://forum.netgate.com/post/802877Wed, 07 Nov 2018 13:52:10 GMT<![CDATA[Reply to Multiple Site to Site and routing on Wed, 07 Nov 2018 00:05:51 GMT]]>OK

So to Client A you have a Phase 2 like this:

pfSense 10.1.96.0/24 <-> 10.1.1.0/24 Client A

Are the clients averse to you adding more Phase2 networks to their tunnels? Because this would make it work:

Phase 2 Networks:

pfSense 10.1.96.0/24 <-> 10.1.1.0/24 Client A
pfSense 172.16.0.0/24 <-> 10.1.1.0/24 Client A

pfSense 10.1.96.0/24 <-> 172.16.0.0/24 Home
pfSense 10.1.1.0/24 <-> 172.16.0.0/24 Home

]]>https://forum.netgate.com/post/802871https://forum.netgate.com/post/802871Wed, 07 Nov 2018 00:05:51 GMT<![CDATA[Reply to Multiple Site to Site and routing on Tue, 06 Nov 2018 23:39:23 GMT]]>@viragomann All site to site VPN connections are using IPSec

@Derelict

  • The p2 network at my home office is 172.16.0/24

  • The p2 network on my cloud pfSense is 10.1.96.0/24

]]>https://forum.netgate.com/post/802868https://forum.netgate.com/post/802868Tue, 06 Nov 2018 23:39:23 GMT<![CDATA[Reply to Multiple Site to Site and routing on Tue, 06 Nov 2018 21:53:03 GMT]]>And, What are the existing Phase 2/traffic selector networks between your clients and the central pfSense? How do those relate to everyone.

You might be able to play some games with NAT but it depends on what is where.

]]>https://forum.netgate.com/post/802856https://forum.netgate.com/post/802856Tue, 06 Nov 2018 21:53:03 GMT<![CDATA[Reply to Multiple Site to Site and routing on Tue, 06 Nov 2018 21:36:06 GMT]]>Which kind of VPN is the that one between your home office and the cloud hosted pfSense, is it also an IPSec?

]]>https://forum.netgate.com/post/802852https://forum.netgate.com/post/802852Tue, 06 Nov 2018 21:36:06 GMT