Site to site with only main site static?

  • Is it possible, and if so, can someone point me in the right direction, to set up a site-to-site VPN with only the main site having a static IP address and DNS? I have a customer that tried getting a static IP for their remote site and ATT said it couldn't be done from that particular location. I don't know if the stores in that mall are sharing some config. The site does have access to the main site and the clients are attaching to pfSense via OpenVPN, but it's all manual. I'd like to set up a firewall (pfSense) to do a site-to-site, shared key config.


  • I do it all the time. Make the server on the main site, and on the remote machines just add a client with the shared key config.

  • Yeah, only the OpenVPN server needs to be static, or can even be dynamic using a dynamic DNS address. All the OpenVPN client needs is the address of the OpenVPN server (IP or DNS), along with the shared key and a few other settings of course.

  • Awesome, thanks guys. So for each client, I can use the shared key, but will this work for another router/pfSense appliance at the remote site and have the remote clients route their traffic through that router?


  • AFAIK you can only have one OpenVPN Server and one OpenVPN Client pair using the shared key method. You can have multiple Server/Client pairs for each remote network though, if that makes sense. The remote computers will just need to use the pfSense fw running the OpenVPN Client as their gateway, that or you would need to set up a static route on each remote PC.
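
The setup described in the replies above, written as raw OpenVPN configuration for one server/client pair (an added example, not part of the original thread and not the config pfSense generates). The hostname, port, subnets and key path are constructed placeholders.

```conf
# ---- main-site.conf: main site (static IP or DNS name), waits for the peer ----
dev tun
proto udp
port 1194
# Tunnel endpoints: local address, then peer address (constructed /30-style pair)
ifconfig 10.99.0.1 10.99.0.2
# One static key per server/client pair; never reuse it for a second site
secret /etc/openvpn/remote1.key
# Must match on both ends
cipher AES-256-CBC
# Remote-site LAN, reached through the tunnel (constructed subnet)
route 192.168.20.0 255.255.255.0
# Accept the peer from whatever public address it currently holds
float
keepalive 10 60
persist-key
persist-tun

# ---- remote-site.conf: remote site (dynamic IP), always dials out ----
dev tun
proto udp
# Main site's static IP or DNS name (placeholder)
remote vpn.example.com 1194
resolv-retry infinite
nobind
# Mirror image of the main site's ifconfig line
ifconfig 10.99.0.2 10.99.0.1
# Same key file as the main site, copied over a secure channel
secret /etc/openvpn/remote1.key
cipher AES-256-CBC
# Main-site LAN (constructed subnet)
route 192.168.10.0 255.255.255.0
keepalive 10 60
persist-key
persist-tun

# A second remote site gets its own pair: a separate main-site instance on a
# different port, a different tunnel subnet, and a freshly generated key.
```

Static-key mode is deprecated as of OpenVPN 2.6, so check which OpenVPN version your pfSense release ships before building new tunnels on it.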

