Routing network over a site to site vpn
-
Hello,
I am looking to implement a pfSense infrastructure in my offices. I have multiple networks that get routed from my main datacenter. I have a remote office that gets a site-to-site VPN to that datacenter and needs to be able to send traffic destined for those networks over that VPN tunnel to the router at that site to route. So basically I need to be able to route traffic over a site-to-site VPN. I have not been able to do this in the past with Ubiquiti site-to-site. Is there a way to do this with pfSense? If so, what kind of site-to-site tunnel do I need to build?
-
@cerberus2022
pfSense has OpenVPN and IPSec on board by default. IPSec can generally handle a bit more throughput on the same hardware, but it's more difficult to set up, especially if you want to route multiple subnets.
Further, you can install WireGuard or tinc from the repository.
-
@viragomann I was thinking IPSec. I just wasn't sure, if I have a site-to-site VPN, whether I can add those routes over it or not. I am guessing by your answer I can?
-
@cerberus2022
IPSec can be set up in one of two modes. The more common mode is "policy-based IPSec", where you have to configure a phase 2 for each subnet pair you want to connect.
However, if your subnets are sequential (10.26.1.0/24, 10.26.2.0/24, 10.26.3.0/24), you can also cover them all with a suitable larger mask.
This mode can be used on most IPSec-capable devices.
The other mode is "routed IPSec", where you get a virtual gateway IP, to which you can route the respective subnets to the other site.
The only drawback of IPSec is that it cannot be used to forward public traffic to a server at the other site, if you intend to do that.
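
An added example, not part of the original posts: a short Python sketch of the "larger mask" option for policy-based IPSec. It counts the phase 2 entries needed per subnet pair, finds the smallest single network covering the three subnets named above, and lists which addresses that wider selector also matches. The local office subnet `192.168.10.0/24` and all function names are assumptions made for the example.

```python
import ipaddress
from itertools import product

# Constructed sample data: the remote subnets are the ones named in the post,
# the local office subnet is an assumption made for this example.
LOCAL = ["192.168.10.0/24"]
REMOTE = ["10.26.1.0/24", "10.26.2.0/24", "10.26.3.0/24"]

def phase2_pairs(local, remote):
    """Policy-based IPsec: one phase 2 entry per local/remote subnet pair."""
    return list(product(local, remote))

def covering_supernet(subnets):
    """Smallest single network that contains every listed subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen by one prefix bit
    return candidate

def extra_coverage(subnets, supernet):
    """Ranges inside the supernet that none of the listed subnets accounts for."""
    remaining = [supernet]
    for s in subnets:
        net = ipaddress.ip_network(s)
        kept = []
        for r in remaining:
            if net.subnet_of(r):
                kept.extend(r.address_exclude(net))  # carve the subnet out
            elif not r.subnet_of(net):
                kept.append(r)  # disjoint from this subnet, keep as is
        remaining = kept
    return sorted(remaining)

if __name__ == "__main__":
    summary = covering_supernet(REMOTE)
    print("phase 2 entries, one per pair:", len(phase2_pairs(LOCAL, REMOTE)))
    print("phase 2 entries, summarised  :", len(phase2_pairs(LOCAL, [str(summary)])))
    print("summary network              :", summary)
    for net in extra_coverage(REMOTE, summary):
        print("also matched by the summary  :", net)
```

The summary network is wider than the three subnets it replaces, so the phase 2 selector also matches the extra range; firewall rules still have to limit the tunnel to the networks that are meant to be reachable.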