Access Additional Subnets on Site-to-Site VPN Link



  • Hey there,

    First of all, to any developers reading, awesome job with pfSense; it has replaced a number of expensive Cisco routers in our offices.

    I have a site-to-site VPN link between the HQ and a satellite office.

    HQ:
    Major Subnet: 192.168.1.0/24
    Other Subnets: 10.1.4.0/24, 10.1.6.0/24, etc
    Site-to-Site Tunnel Network: 10.1.12.0/24

    push "route 10.1.4.0 255.255.255.0";
    push "route 10.1.6.0 255.255.255.0";
    tun-mtu 1500;
    mssfix 1400;

    Satellite Office:
    Major Subnet: 10.0.0.0/24
    Other Subnets: 10.0.1.0/24, 10.0.2.0/24, etc

    push "route 10.1.4.0 255.255.255.0";
    push "route 10.1.6.0 255.255.255.0";
    tun-mtu 1500;
    mssfix 1400;

    I've successfully set up the link and can access the 192.168.1.0/24 subnet from the satellite office. However, I cannot access 10.1.4.0/24, for example.

    How do I go about fixing that?

    Any help would be appreciated.



  • Assuming you've set up the HQ as the server and the Satellite as the client, you need to add a route(s) to the HQ config to define the client subnet(s)

    i.e.:
    route 10.0.0.0 255.255.255.0
    route 10.0.1.0 255.255.255.0
          …..
    etc.  Need to be added to the server config.

    The 'push "route....' lines on the server side send the appropriate routes for the client to understand the server's subnets.

    You don't need any 'push "route...' lines on the client side.

    If you post a screenshot of your server and client configs, you may get more specific help on your setup.


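A check of the routing the answer describes, as an added example that is not part of the original thread: it parses the custom options from both ends and reports which satellite subnets lack a `route` on the server, which HQ subnets are not pushed, and which `push "route ..."` lines sit on the client. The function names are hypothetical, the sample strings are constructed from the values posted above, and only the custom-options text is inspected, so networks entered in other pfSense fields are not seen.

```python
import ipaddress
import re

# Matches `route NET MASK` and `push "route NET MASK"` custom options.
DIRECTIVE = re.compile(r'^(push\s+")?route\s+(\S+)\s+(\d+(?:\.\d+){3})"?$')

def parse_routes(options):
    """Split on ';' or newlines; return (local_routes, pushed_routes) as sets."""
    local, pushed = set(), set()
    for stmt in re.split(r"[;\n]", options):
        m = DIRECTIVE.match(stmt.strip())
        if not m:
            continue  # tun-mtu, mssfix, blank entries
        net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
        (pushed if m.group(1) else local).add(net)
    return local, pushed

def audit(server_opts, client_opts, server_nets, client_nets):
    """Compare both configs with the routing the answer describes."""
    as_nets = lambda items: {ipaddress.ip_network(n) for n in items}
    fmt = lambda nets: [str(n) for n in sorted(nets)]
    srv_local, srv_pushed = parse_routes(server_opts)
    _, cli_pushed = parse_routes(client_opts)
    return {
        "server_missing_route": fmt(as_nets(client_nets) - srv_local),
        "server_missing_push": fmt(as_nets(server_nets) - srv_pushed),
        "client_unneeded_push": fmt(cli_pushed),
    }

# Constructed from the options and subnets posted in the thread.
POSTED = ('push "route 10.1.4.0 255.255.255.0";\n'
          'push "route 10.1.6.0 255.255.255.0";\n'
          'tun-mtu 1500;\nmssfix 1400;')
HQ_EXTRA = ["10.1.4.0/24", "10.1.6.0/24"]
SATELLITE = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
# Server options after adding the route lines the answer asks for.
FIXED = POSTED + "".join(
    f"\nroute {ipaddress.ip_network(n).network_address} 255.255.255.0;"
    for n in SATELLITE)
CLIENT_FIXED = "tun-mtu 1500;\nmssfix 1400;"  # client without push lines

if __name__ == "__main__":
    for label, srv, cli in (("posted", POSTED, POSTED),
                            ("fixed", FIXED, CLIENT_FIXED)):
        print(label, audit(srv, cli, HQ_EXTRA, SATELLITE))
```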