Site-to-Site VPN - Client routing without gateway?



  • Hello Experts,

    We're building our disaster recovery site and like our primary, it will be protected by a pfSense 2.0.1 box.

    I would like to set up a site-to-site VPN and don't foresee a problem with this. However, I'm curious to know if anyone has a solution for a client, who is connected to our VPN remotely, accessing the remote site, since we don't push a gateway to VPN clients?

    Here is what our setup might look like:

    Site 1 (192.168.1.0/24) --- (IPSec or OpenVPN Site to Site VPN) --- Site 2 (10.0.0.1/24)

    When users connect to our VPN, they are given an address in the 192.168.1.x subnet. Without a gateway, however, they cannot get to anything off that subnet. If I were to pull VPN duties back onto the pfSense box using OpenVPN as the client VPN solution, I should be able to configure OpenVPN to push a static route for Site 2 (10.0.0.1/24) with a gateway of the Site 1 pfSense box, correct?

    Thanks for pointing me in the right direction!



  • For site to site, only the pfSense devices are aware that a VPN exists; to the clients on each side it is seen as another network that they go through the pfSense device to access, no additional gateway required. As long as the clients on each side have their local pfSense box set as their gateway, it will route just fine.

    Where is the client? If it's at one of your sites, there is nothing you need to do with it.



  • @XIII:

    For site to site, only the pfSense devices are aware that a VPN exists; to the clients on each side it is seen as another network that they go through the pfSense device to access, no additional gateway required. As long as the clients on each side have their local pfSense box set as their gateway, it will route just fine.

    Where is the client? If it's at one of your sites, there is nothing you need to do with it.

    Hi XIII,

    The clients are spread out across the world, working from their homes. Currently they connect to our Microsoft RRAS PPTP/SSTP VPN server.

