Client VPN access to multiple subnets



  • Hi,

    New user here, been on pfsense for almost a week.  I have successfully set up a point to point VPN between two sites using a pfsense box/firewall at each location…works great.  In my setup, site A is the main server and site B acts as client.  Also, I've set up an additional VPN that allows remote users access.  This OpenVPN policy is located on the pfsense box at site A.  It looks like this:

    SITE A:
    LAN:  192.168.0.0/24
    SITE TO SITE TUNNEL:  192.168.204.0/30
    REMOTE ACCESS TUNNEL:  192.168.202.0/24

    SITE B:
    LAN: 192.168.2.0/24

    So, everything is working.  However, when a user uses the VPN from the field, they can't RDP to any resources at site B, only Site A.  I need them to be able to RDP to all servers at both sites.

    Thanks!



  • You just have to set up routes.



  • Just need to add the following to the Advanced configuration section of your Remote Access config:

    push "route 192.168.2.0 255.255.255.0";

    Then make sure your firewall rules allow the traffic on each interface.  Usually easiest to start with an any/any rule.



  • Hi Guys, thanks for the reply!

    @marvosa, can you tell me where exactly I add the push "route…." in the config?  I think I put it in the "Advanced Configuration" section at the bottom of the OpenVPN: Server section @ Site A.

    Is this correct?



  • Yes, that is correct…. "Advanced Configuration" section.



  • Hi guys,
    I'm also having the same problem,
    and also I tried adding push route in "Advanced Configuration". It's not working.
    Any other suggestions?



  • @deepak11:

    Hi guys,
    I'm also having the same problem,
    and also I tried adding push route in "Advanced Configuration". It's not working.
    Any other suggestions?

    deepak11, this is a 4.5 year old thread, you should start a new thread with your specific details in it, so we can offer targeted troubleshooting.

    At a high level, two things are needed:

    • On site A's remote access config, push a route to site B's LAN to your clients

    • On Site B's site-to-site config, add a return route to site A's remote access tunnel network

    This can all be done in the GUI now
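
Added example, not part of any post in this thread: a small Python model of the two requirements listed in the last reply, showing why the pushed route alone does not get replies back from site B to a remote-access client. The subnets are the ones from the first post; the host addresses, node names and the `build`, `trace` and `rdp_works` helpers are assumptions made for illustration.

```python
import ipaddress

LAN_A, LAN_B = "192.168.0.0/24", "192.168.2.0/24"   # from the thread
S2S, RA = "192.168.204.0/30", "192.168.202.0/24"    # from the thread
CLIENT_IP, SERVER_B_IP = "192.168.202.10", "192.168.2.50"  # constructed hosts

def build(push_lan_b, return_route_on_b):
    """Return (local, routes): prefixes each node delivers, and its tunnel routes."""
    local = {"client": [CLIENT_IP + "/32"], "siteA": [LAN_A], "siteB": [LAN_B]}
    routes = {
        "client": [(LAN_A, "siteA")],                  # pushed by default setup
        "siteA": [(RA, "client"), (LAN_B, "siteB")],   # site A knows both tunnels
        "siteB": [(LAN_A, "siteA")],                   # site-to-site remote network
    }
    if push_lan_b:          # push "route 192.168.2.0 255.255.255.0" on site A
        routes["client"].append((LAN_B, "siteA"))
    if return_route_on_b:   # return route to the remote access tunnel on site B
        routes["siteB"].append((RA, "siteA"))
    return local, routes

def trace(local, routes, start, dst):
    """Follow longest-prefix-match hops from start; returns the list of hops."""
    dst = ipaddress.ip_address(dst)
    node, path = start, [start]
    while len(path) < 8:  # guard against routing loops
        if any(dst in ipaddress.ip_network(p) for p in local[node]):
            return path + ["delivered"]
        matches = [(ipaddress.ip_network(p), hop) for p, hop in routes[node]
                   if dst in ipaddress.ip_network(p)]
        if not matches:   # falls through to the WAN default gateway
            return path + ["default-gw (lost)"]
        node = max(matches, key=lambda m: m[0].prefixlen)[1]
        path.append(node)
    return path + ["loop"]

def rdp_works(push_lan_b, return_route_on_b):
    """True only if both the request and the reply path are delivered."""
    local, routes = build(push_lan_b, return_route_on_b)
    out = trace(local, routes, "client", SERVER_B_IP)
    back = trace(local, routes, "siteB", CLIENT_IP)
    return out[-1] == "delivered" and back[-1] == "delivered", out, back

if __name__ == "__main__":
    for push in (False, True):
        for ret in (False, True):
            ok, out, back = rdp_works(push, ret)
            print(f"push={push} return={ret} ok={ok}\n  out:  {out}\n  back: {back}")
```

The model covers routing only; firewall rules on each interface still have to permit the traffic.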

