Netgate Discussion Forum

    How to layer 2 OpenVPN site to site setup

      usus1

      Hi friends.
      I have two pfSense firewalls, and these firewalls have only WAN interfaces. I want to connect a client with layer-2 OpenVPN to pfsense-1 and also connect pfsense-1 to pfsense-2 as a site-to-site tunnel, so that when I am connected to it and check my IP address on https://myip.ms, this website discovers the pfsense-2 IP address and not my pfsense-1 IP address. How can I set this up?

        marvosa @usus1

        @usus1 It can be done, but you don't need tap mode for that.

        At a high level, you would need to policy route remote access traffic destined for the internet over to pfSense 2 and then create a NAT for that traffic on the WAN interface of pfSense 2.

        Although, my first question would be... assuming you have control over both boxes, why not just create a full tunnel remote access server @ pfSense 2 and connect directly to it?

          usus1 @marvosa

          @marvosa Hi dear friend.
          I have different services like monitoring and others that need to be in two different VMs, so I need my users' traffic to pass through two nodes. With a full tunnel remote access server I can only pass my traffic through one node. I also need my connection to be a layer-two connection.
          I uploaded the full config of my pfSense-1 and pfSense-2. Please see them and help me.
          I want to connect to pfSense-1 with layer 2 tap mode, and then, because pfsense-1 and pfsense-2 are connected with a layer 2 tap mode site-to-site tunnel, I will be using the pfsense-2 IP address, so that, for example, when I check my IP address on the https://myip.ms website, I see the pfsense-2 IP address.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.