L2TP/IPSec routing to other subnets

  • I successfully setup the L2TP/IPSec client Vpn and am able to connect and reach the clients on the VPN server subnet.
    L2TP setup on pfSense makes you setup the subnet and gateway in a weird way or I'm just weird.

    You can't make the gateway on the same address range as the Vpn clients. So I picked just an ip address for the gateway and the client address range this when connected is connected to the pfSense whose local subnet is and the gateway is

    Traffic flows between and just fine. However, the pfSense has a Vpn tunnel to a remote site with subnet of<--> I have tried various routing methods to get traffic between and to work, but it just doesn't.

    Any help would be appreciated.


  • Solved my own problem. Works with either Mobile Clients IPSec or L2TP/IPSec.

    Add a 2nd Phase 2 to the tunnel between the 2 sites on the side and added the 2nd Phase 2 with the subnet of

    Hope this might help someone else.

    I got the idea from how our Meraki devices configure with 3rd party devices, and how they deal with it between their own devices. Probably most folks out there are experts on this.

    I still don't like the way pfSense sets up the subnet/gateway for L2TP, but it works.


  • I did this so when I use OpenVPN I can also access other subnets I want that are connected with ipsec.

    On the PFSense I OpenVPN to, which is connected to all the ipsec tunnels, I add a phase 2 entry with local subnet of of OpenVPN eg. and remote subnet of whatever is on other side. On the other side, I use the remote subnet of OpenVPN eg.

    One site is an old Cisco RV042 I have a tunnel from my PFSense... so what I did was I added the phase 2 on PFSense, but had to create a new site to site VPN tunnel on the RV042 and just different settings for the phase 2, this is because I cannot add multiple phase 2 to VPN on RV042 - I am surprised that it worked.

Log in to reply