Site-to-Site VPN need to access network openvpn server is on through VPN



  • I have a Site-to-Site open VPN tunnel setup between our two offices. Both office have pfsense boxes. Eveything is working fine except I want to be able to access the network the openvpn server is on through the openvpn tunnel. If I add a route to that network using the openvpn tunnel the openvpn link drops because it can not connect to the open vpn server anymore. Here is the setup

    remote openvpn server: 64.208.129.103
    remote subnet:  64.208.129.103/24

    I want to be able to connect to for example: 64.208.129.14 through the openvpn link. I have setup several routes for other networks that are behind the openvpn server and they route just fine. Just not for the network the openvpn server itself is on.

    Is this possible? Any help will be greatly appreciated.



  • remote openvpn server: 64.208.129.103
    remote subnet:  64.208.129.103/24

    What kind of setup is that where the remote endpoint is at the same time part of the remote subnet?

    Are you sure there is no other way?
    You could try to add a static route to the remote openVPN server address to force traffic to this IP always out the WAN.



  • The configuration goes like this. We have two sites: Main office and our datacenter. I have a pfsense box at the data center and at the main office. The main office has a private network that is natted to a public IP. The data center has several networks that are public internet networks. We could access the networks at the datacenter directly with no VPN but that would not be secure. I setup a OpenVPN link between the two pfsense boxes and have added static routes to force all traffic to the public networks at the datacenter through the VPN link. This works great but I was not able to access the network that the datacenter pfsense box sits on through the VPN. Your suggestion seems to have worked. I added a static route for 64.208.129.103/32 (Datacenter Pfsense box) who's gateway is our WAN gateway. Then I added a 64.208.129.0/24 route with the OpenVPN link as the gateway.



  • Then I added a 64.208.129.0/24 route with the OpenVPN link as the gateway.

    I wouldnt add routes like these static.
    You can just add the -route command to your config.
    OpenVPN adds these routes dynamically when the tunnel comes up and removes them when it goes down.


Log in to reply