Netgate Discussion Forum

    Access Additional Subnets on Site-to-Site VPN Link

      CSPhoenix

      Hey there,

      First of all, to any developers reading, awesome job with pfSense, it has replaced a number of expensive Cisco routers in our offices.

      I have a site-to-site VPN link between the HQ and a satellite office.

      HQ:
      Major Subnet: 192.168.1.0/24
      Other Subnets: 10.1.4.0/24, 10.1.6.0/24, etc
      Site-to-Site Tunnel Network: 10.1.12.0/24

      push "route 10.1.4.0 255.255.255.0";
      push "route 10.1.6.0 255.255.255.0";
      tun-mtu 1500;
      mssfix 1400;

      Satellite Office:
      Major Subnet: 10.0.0.0/24
      Other Subnets: 10.0.1.0/24, 10.0.2.0/24, etc

      push "route 10.1.4.0 255.255.255.0";
      push "route 10.1.6.0 255.255.255.0";
      tun-mtu 1500;
      mssfix 1400;

      I've successfully set up the link and can access the 192.168.1.0/24 subnet from the satellite office. However, I cannot access 10.1.4.0/24, for example.

      How do I go about fixing that?

      Any help would be appreciated.

        divsys

        Assuming you've set up the HQ as the server and the Satellite as the client, you need to add a route(s) to the HQ config to define the client subnet(s).

        ie:
        route 10.0.0.0 255.255.255.0
        route 10.0.1.0 255.255.255.0
              …..
        etc.  Need to be added to the server config.

        The 'push "route....' lines on the server side send the appropriate routes for the client to understand the server's subnets.

        You don't need any 'push "route...' lines on the client side.

        If you post a screenshot of your server and client configs, you may get more specific help on your setup.

        -jfp
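
The check described in the reply above, as an added example that is not part of either post and not pfSense or OpenVPN code: it parses the custom options posted in the question and reports which `route` lines the HQ server lacks and which `push "route ..."` lines the satellite client carries. The function names are hypothetical, and the satellite subnet list is limited to the three named in the question.

```python
import ipaddress
import re

# Constructed from the thread: subnets and custom options as posted in the question.
SATELLITE_SUBNETS = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
POSTED_OPTIONS = (
    'push "route 10.1.4.0 255.255.255.0"; push "route 10.1.6.0 255.255.255.0"; '
    "tun-mtu 1500; mssfix 1400;"
)

# Matches `route NET MASK` and `push "route NET MASK"`.
ROUTE_RE = re.compile(r'^(push\s+")?route\s+(\S+)\s+(\S+?)"?$')


def parse_routes(options):
    """Split options on ';' or newlines; return (pushed, local) sets of networks."""
    pushed, local = set(), set()
    for item in re.split(r"[;\n]", options):
        m = ROUTE_RE.match(item.strip())
        if m:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            (pushed if m.group(1) else local).add(net)
    return pushed, local


def missing_server_routes(server_options, client_subnets):
    """`route` lines the server still needs, one per client-side subnet."""
    _, local = parse_routes(server_options)
    wanted = {ipaddress.ip_network(s) for s in client_subnets}
    return [f"route {n.network_address} {n.netmask}" for n in sorted(wanted - local)]


def stray_client_pushes(client_options):
    """`push "route ..."` lines found in a client config, where they are not needed."""
    pushed, _ = parse_routes(client_options)
    return [f'push "route {n.network_address} {n.netmask}"' for n in sorted(pushed)]


if __name__ == "__main__":
    print("HQ (server) should add:")
    for line in missing_server_routes(POSTED_OPTIONS, SATELLITE_SUBNETS):
        print("  " + line)
    print("Satellite (client) can drop:")
    for line in stray_client_pushes(POSTED_OPTIONS):
        print("  " + line)
```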

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.