Static Route via IPSec Tunnel

  • Hi :)

    I am looking for some guidance as I can't get routing working.

    The goal here is for an OpenVPN Client (Laptop User) to OpenVPN into the BranchOffice. And then have routing to the Private CMS System via the Dedicated Cisco router at the Main Site.

    Laptop User OpenVPN Client ( <-------> (Open VPN Server) <---- via IPSEC Link ---> (pfsense Main Site) <--------> Private CMS Platform (

    The "Main Site" has access to a Private CMS System which is on So currently a client on can access the Web portal which is on This works via a Static Route on the Main Site pfSense Router.

    The CMS provider has created a Static Route for to go to

    I have an IPSEC Tunnel between <-----> which works perfectly.

    I first tried creating a static route on the Branch Office pfSense Router for to go to the Main Site pfSense Router ( which did not work. I then deleted this, and created a static route for to go directly to the Private CMS Cisco Router which also does not work.


    Anyone got any ideas of where I am going wrong here?

    Cheers, Scott

  • LAYER 8 Moderator

    Besides being real IPs and not a private RFC1918 range (which can be quite problematic on its own), I think you are missing some routes and policies on the way.

    Wouldn't it be easier to just NAT via IPSEC so the VPN Clients arriving via IPsec look like they come from a local IP from 192.168.150.x? Otherwise all devices will need policies to allow traffic from and route back and forth between and So your Main Site pfSense needs to know about (if it doesn't, you didn't tell) as well as the CMS Cisco and your Branch Office pfSense needs to know about
    I'd add that as Phase 2 entries to the IPsec tunnel so the routes will be pushed automatically.

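The reply above names two options: extra Phase 2 entries plus return routes, or NAT on the IPsec tunnel. The sketch below is an added example, not part of the original thread, and it models a policy-based tunnel to show which flows match a Phase 2 selector and whether the far side can route the reply. All subnets and addresses are constructed, and treating 192.168.150.0/24 as the subnet the far side already routes back to is an assumption.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: only 192.168.150.x appears in the thread.
KNOWN_LAN = ip_network("192.168.150.0/24")  # assumed: far side already routes this back
MAIN_LAN = ip_network("192.168.10.0/24")    # hypothetical Main Site LAN
OVPN_NET = ip_network("10.8.0.0/24")        # hypothetical OpenVPN client pool
CMS_NET = ip_network("198.51.100.0/24")     # hypothetical CMS network

def trace(phase2, src, dst, far_side_routes):
    """Classify a flow as 'no-match', 'no-return-path' or 'ok'."""
    s, d = ip_address(src), ip_address(dst)
    for entry in phase2:
        if s in entry["local"] and d in entry["remote"]:
            # With NAT on the Phase 2 entry the far side sees the NAT address.
            seen = ip_address(entry["nat"]) if entry.get("nat") else s
            if any(seen in net for net in far_side_routes):
                return "ok"
            return "no-return-path"
    # No selector matched: in this model the packet never enters the tunnel,
    # whatever static routes exist on the branch firewall.
    return "no-match"

def scenarios():
    client, cms = "10.8.0.6", "198.51.100.10"
    existing = [{"local": KNOWN_LAN, "remote": MAIN_LAN}]
    extra = existing + [{"local": OVPN_NET, "remote": CMS_NET}]
    natted = existing + [{"local": OVPN_NET, "remote": CMS_NET,
                          "nat": "192.168.150.250"}]
    return {
        "tunnel as-is": trace(existing, client, cms, [KNOWN_LAN]),
        "extra Phase 2, no return route": trace(extra, client, cms, [KNOWN_LAN]),
        "extra Phase 2, return route added":
            trace(extra, client, cms, [KNOWN_LAN, OVPN_NET]),
        "extra Phase 2 with NAT": trace(natted, client, cms, [KNOWN_LAN]),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:36} {result}")
```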