4. Client VPN access to multiple subnets

Client VPN access to multiple subnets

  • C

    Hi,

    New user here, been on pfsense for almost a week.  I have successfully setup up a point to point VPN between two sites using a pfsense box/firewall at each location…works great.  In my setup, site A is the main server and site B acts as client.  Also, I've set up an additional VPN that allows remote users access.  This OpenVPN policy is located on the pfsense box at site A  It looks like this:

    SITE A:
    LAN:  192.168.0.0/24
    SITE TO SITE TUNNEL:  192.168.204.0/30
    REMOTE ACCESS TUNNEL:  192.168.202.0/24

    SITE B:
    LAN: 192.168.2.0/24

    So, everything is working.  However, when a user uses the VPN from the field, they can't RDP to any resources at site B, only Site A.  I need them to be able to RDP to all servers at both sites.

    Thanks!

    0
  • T

    You just have to set up routes.

    0
  • M

    Just need to add the following to the Advanced configuration section of your Remote Access config:

    push "route 192.168.2.0 255.255.255.0";

    Then make sure your firewall rules allow the traffic on each interface.  Usually easiest to start with an any/any rule.

    0
  • C

    Hi Guys, thanks for the reply!

    @marvosa, can you tell me where exactly I add the push "route…." in the config?  I think I put it in the "Advanced Configuration" section at the bottom of the OpenVPN: Server section @ Site A.

    Is this correct?

    0
  • M

    Yes, that is correct…. "Advanced Configuration" section.

    0
  • D

    Hi guys,
    I'm also having the same problem,
    and also I tried adding push route in "Advanced Configuration". its not working.
    any other suggessions ?

    0
  • M

    @deepak11:

    Hi guys,
    I'm also having the same problem,
    and also I tried adding push route in "Advanced Configuration". its not working.
    any other suggessions ?

    deepak11, this is a 4.5 year old thread, you should start a new thread with your specific details in it, so we can offer targeted troubleshooting.

    At a high level, two things are needed:

    • On site A's remote access config, push a route to site B's LAN to your clients

    • On Site B's site-to-site config, add a return route to site A's remote access tunnel network

    This can all be done in the GUI now

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy