Routing client1 –> VPN1 --> PF1 --> VPN2 --> PF2 --> client2

  • I need help with routing:
    client1 (RW1) Net D –> VPN1 Net D --> PF1 --> VPN2 Net E --> PF2 --> client2 Net B

    PF1= PfSense 2.0 local net C
    PF2= PfSense 1.2.3  local network B
    RW1= Roadwarrior asigned network A from PS1
    VPN1=OpenVPN multiple clients Net D
    VPN2=OpenVPN site-to-site Net E

    This OpenVPN route all traffic is working:
    RW1 –> VPN1 --> PF1
    client1 (Rw1) can ping local-IF Net C at PF1

    This OpenVPN site-to-site is working:
    PF1 --> VPN2 --> PF2 (Net B)
    client 2 can ping local-IF Net C at PF1

    How should I make Client1 (RW1) able to ping Client2?

    Client1 (RW1) –> ping --> Client2?


  • It's simply a matter of setting the correct routes on all the involved devices.

    Make sure the roadwarriors get pushed all the needed routes.
    Make sure the pf2 knows the route to the roadwarrior subnet.

  • Yes, it was simple.

    In PF1 I defined the route
    net B using GW lan-if-PF1

    In PF2 I defined the route
    net D using GW lan-if-PF1

    And in OpenVPN i pushed net B to the clients.

  • It's not working after an upgrade of PF2 from 1.2.3 to 2.0…

    What am I doing wrong.

    All the settings is the same but PF2 is complaining about my gateway that routes traffic to RW1 that it is on the wrong subnet...

    The settings is exactly the same as in PF2(1.2.3) but now it's not accepting the gateway that I've been using.

    Should I create some kind of VLAN-interface or where is the problem?

    I'm trying to set up the routing from PF2-lan to RW1...

    Settingup gateway in PF2 (2.0)

    Choose which interface this gateway applies to.
    LAN net B



    Why must VPN1-lan-if be on the same subnet to make PF accept this?

Log in to reply