Routing OpenVPN to IPsec site to site



  • Hi all!

    Not sure where to post my question.
    I’m doing some tests using Pfsense as a gw for mgmt network for several sites.
    What I’m trying to do is use openvpn to connect to a pfsense which is running IPSec site-to-site to different locations providing access to mgmt network (firewall/switches/ap’s).

    I’m looking for a best practice setup for this or maybe some tips regarding routing.
    Since it will be serveral hundred subnets that will have to be accessible. How do i route this?
    Push route to openvpn clients?

    What’s the best way of doing this?



  • Just put the networks in IPv4 Local networks. You can summarize like 10.0.0.0/8.
    Alternatively, check the box for 'redirect gateway' and send everything through the vpn.
    Also make sure the remote p2's include the subnet you are using for openvpn.



  • That’s also a thing..
    I do not want to run all the users traffic through this box.. this is for support.
    They should be able Be connected to openvpn connection all day ling to reach the different networks without tunneling all traffic that way.



  • And due to different reasons.. let say that site-to-to is 10.35.0.0/16.
    And openvpn clients need to be 192.168.xxx.xxx
    Due to restrictions of already used networks..
    And since it is IPSec site to site, they are not local networks, but routes into a local network.
    From 172.16.20.0/24 to 10.35.0.0/24 local.


Log in to reply