Site to Site OpenVPN - 3 pfsense



  • Hi,
    I'm new to OpenVPN and facing an issue with the following settings:
    I have a site to site connection as follows:
    Head Office : 1 main pfsense (pfsense1) firewall to handle Internet connection + 1 pfsense (pfsense2) to handle the remote site connection. pfsense2 is the OpenVPN Server
    Remote Site : 1 pfsense (pfsense3-OpenVPN client) connected to the Head Office pfsense2.

    I'm using the shared key encryption method as noted in the pfsense book.

                      Internet
                          |
                          |
    Headquarters      pfsense 1 ---------------- pfsense 2 (OpenVPN Server)
                                                     |
                                                     |
                                                     |
    Remote Site                                  pfsense 3 (OpenVPN client)
                                                     |
                                                     |
                                              Remote Site LAN

    I've set up an OpenVPN between the pfsense 2 at HQ and the pfsense 3 at the remote office.
    The default gateway for pfsense2 is the main HQ router (pfsense1)
    The default gateway for pfsense 3 (Remote site) is pfsense2 at HQ.

    All the traffic from the client (pfsense3) is pushed across the VPN using the custom option "redirect-gateway def1" in the client.
    I can't figure out how to force all traffic across the VPN from the server (pfsense2) to the client (pfsense3) (as the default gateway for pfsense2 is pfsense1).

    Is there any specific option I should use on the server side?

    Thanks a lot for your help.



  • I assume it was a mistake that got an openvpn question posted in the openssh forum?



  • What you almost certainly want is to configure static routes on pfSense 1 to direct the subnets on the Remote Site via pfSense 2 (and ensure that pfSense 2 knows to route those subnets via the VPN).



  • Thanks Havok,

    I've created a route on the pfsense2 (OpenVPN server) to route all packets to the remote subnet using the tun0 interface IP as the gateway on the pfsense3 (OpenVPN client).

    All traffic between the server and client is now encapsulated.

    Thanks for your advice


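The routing fix discussed in this thread, as an added example that is not part of the original posts: a small Python model of the three firewalls' routing tables that traces where a packet for the remote LAN ends up with and without the static routes. The subnets (192.168.1.0/24 at HQ, 192.168.30.0/24 at the remote site), the shared HQ LAN between pfsense1 and pfsense2, and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed addressing (assumptions for illustration, not from the thread).
HQ_LAN = "192.168.1.0/24"
REMOTE_LAN = "192.168.30.0/24"
DEFAULT = "0.0.0.0/0"

def build_tables(route_on_pf2=False, route_on_pf1=False):
    """Routing tables as {router: [(prefix, next_hop)]}.
    A next hop that is not itself a router name is where the trace ends."""
    tables = {
        # pfsense1: HQ Internet gateway.
        "pfsense1": [(HQ_LAN, "HQ LAN"), (DEFAULT, "Internet")],
        # pfsense2: OpenVPN server, default gateway is pfsense1.
        "pfsense2": [(HQ_LAN, "HQ LAN"), (DEFAULT, "pfsense1")],
        # pfsense3: OpenVPN client, redirect-gateway def1 sends everything to pfsense2.
        "pfsense3": [(REMOTE_LAN, "Remote LAN"), (DEFAULT, "pfsense2")],
    }
    if route_on_pf2:  # remote subnet via the tunnel
        tables["pfsense2"].append((REMOTE_LAN, "pfsense3"))
    if route_on_pf1:  # remote subnet via pfsense2
        tables["pfsense1"].append((REMOTE_LAN, "pfsense2"))
    return tables

def next_hop(table, dst):
    """Longest-prefix match of dst against one router's table."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in table]
    matches = [(n, hop) for n, hop in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from start until a non-router is reached
    or max_hops forwarding decisions have been made (routing loop)."""
    path = [start]
    while path[-1] in tables and len(path) <= max_hops:
        path.append(next_hop(tables[path[-1]], dst))
    return path

if __name__ == "__main__":
    host = "192.168.30.10"  # constructed host on the remote LAN
    for pf2, pf1 in [(False, False), (True, False), (True, True), (False, True)]:
        t = build_tables(route_on_pf2=pf2, route_on_pf1=pf1)
        for start in ("pfsense1", "pfsense2"):
            print(f"pf2_route={pf2} pf1_route={pf1}:", " -> ".join(trace(t, start, host)))
```

With only the pfsense1 route in place, the trace bounces between pfsense1 and pfsense2 until the hop limit; with no routes at all, traffic for the remote subnet follows the default route toward the Internet instead of entering the tunnel.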