Netgate Discussion Forum

    Routing network over a site to site vpn

    • C
      cerberus2022

      Hello,
      I am looking to implement a pfSense infrastructure in my offices. I have multiple networks that get routed from my main datacenter. I have a remote office that gets a site-to-site VPN to that datacenter and needs to be able to send traffic destined for those networks over that VPN tunnel to the router at that site to route. So basically I need to be able to route traffic over a site-to-site VPN. I have not been able to do this in the past with Ubiquiti site-to-site. Is there a way to do this with pfSense? If so, what kind of site-to-site tunnel do I need to build?

      • V
        viragomann @cerberus2022

        @cerberus2022
        pfSense has OpenVPN and IPSec on board by default. IPSec can generally handle a bit more throughput on the same hardware, but it's more difficult to set up, especially if you want to route multiple subnets.

        Further, you can install WireGuard or tinc from the repository.

        • C
          cerberus2022 @viragomann

          @viragomann I was thinking IPsec. I just wasn't sure whether, if I have a site-to-site VPN, I can add those routes over it or not. I am guessing by your answer I can?

          • V
            viragomann @cerberus2022

            @cerberus2022
            IPSec can be set up in one of two modes. The more common mode is "policy-based IPSec", where you have to configure a phase 2 for each subnet pair you want to connect.
            However, if you have your subnets sequentially (10.26.1.0/24, 10.26.2.0/24, 10.26.3.0/24) you can also embrace all using a suitable larger mask.
            This mode can be used on most IPSec capable devices.

            The other mode is "routed IPSec", where you get a virtual gateway IP, to which you can route the respective subnets to the other site.

            The only drawback of IPSec is, it cannot be used to forward public traffic to a server at the other site, if you intend to do that.

            1 Reply Last reply Reply Quote 1
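
Added example, not part of the posts above: for policy-based IPsec, this compares one phase 2 per subnet pair with a single larger mask, and lists the address space the larger mask pulls into the tunnel beyond the subnets you meant to connect. The datacenter subnets are the ones from the last post; the remote-office subnet 192.168.50.0/24 is a constructed value.

```python
import ipaddress
from itertools import product


def covering_supernet(subnets):
    """Smallest single network that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    if len({n.version for n in nets}) != 1:
        raise ValueError("need a non-empty list of one address family")
    bits = nets[0].max_prefixlen
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    prefix = bits - (lo ^ hi).bit_length()      # count of shared leading bits
    base = (lo >> (bits - prefix)) << (bits - prefix)
    return type(nets[0])((base, prefix))


def unintended_ranges(supernet, subnets):
    """Parts of the supernet that are NOT in any of the intended subnets."""
    remaining = [supernet]
    for net in (ipaddress.ip_network(s) for s in subnets):
        pieces = []
        for piece in remaining:
            if net.subnet_of(piece):
                # Carve the intended subnet out; what is left stays listed.
                pieces.extend(piece.address_exclude(net))
            elif not piece.subnet_of(net):
                pieces.append(piece)
        remaining = pieces
    return sorted(remaining)


def phase2_pairs(local_subnets, remote_subnets):
    """Policy-based mode: one phase 2 entry per (local, remote) subnet pair."""
    return list(product(local_subnets, remote_subnets))


if __name__ == "__main__":
    datacenter = ["10.26.1.0/24", "10.26.2.0/24", "10.26.3.0/24"]  # from the post
    office = ["192.168.50.0/24"]                                   # constructed
    print("phase 2 entries, one per pair:", len(phase2_pairs(office, datacenter)))
    supernet = covering_supernet(datacenter)
    print("single phase 2 with larger mask:", office[0], "<->", supernet)
    for extra in unintended_ranges(supernet, datacenter):
        print("also covered by that selector, not in the list:", extra)
```

Anything reported as also covered is reachable through the tunnel selector, so it needs to be either unused at the datacenter or blocked by firewall rules on the IPsec interface.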
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.