Static route via VPN - is this now possible?
Is it possible to create a static route to another network via VPN in version 2.2.6? I saw an old post linking to monowall saying that it wasn't (2006), and another post saying that IPsec doesn't support routing.
I have created static routes (via LAN) pointing to the remote LAN interfaces; however, when running a traceroute from a client machine, the route appears to be ignored and the traffic is routed via WAN on the local router.
Essentially I have remote offices communicating to a datacentre via VPN and all is good - they can communicate to head office individually but I would like to be able to route site to site via the head office.
All sites are running pfSense.
Is OpenVPN the only solution, and/or are there any guides on site-to-site configuration using OpenVPN? IPsec just seems to work so easily!
You don't use static routes to route additional networks over IPSec. You use additional Phase 2 entries.
I have approx 25 sites that I wish to route; wouldn't that add an insane amount of configuration?
Is something like this possible with pfSense, or would I be better off using OpenVPN?
cmb last edited by
You can't use static routes with normal tunnel mode IPsec. That link describes using transport mode with GRE and routing across that, which is possible.
So, are we saying that setting up a multisite network with routing via IPsec is possible (using multiple Phase 2 entries), or with a combination of GRE as described in the previous link?
However, is this best practice? Is there a better way to achieve multisite routing with pfSense that's going to be easier to manage/troubleshoot?
I'm not tied to IPsec and all routers can run pfSense.
That GRE method is very interesting to me. First time I have seen it. Are there any MTU issues with it?
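
To put numbers on the 25-site question raised in this thread, the following added example (not from any poster or from pfSense itself) enumerates the Phase 2 selector pairs a hub-and-spoke layout needs. The addressing and function names are constructed, and the supernet variant assumes all site LANs fit inside one summary prefix.

```python
import ipaddress

def phase2_plan(hub_lan, spoke_lans, supernet=None):
    """Return {site: [(local, remote), ...]} of Phase 2 selector pairs.

    Hub-and-spoke: every spoke has one tunnel to the hub. Without a
    supernet, each spoke needs one entry per destination network; with
    one, a single entry per tunnel covers the hub and all other spokes.
    """
    hub = ipaddress.ip_network(hub_lan)
    spokes = {name: ipaddress.ip_network(n) for name, n in spoke_lans.items()}
    plan = {"hub": []}
    sup = None
    if supernet is not None:
        sup = ipaddress.ip_network(supernet)
        # Refuse a summary prefix that silently leaves a site unreachable.
        outside = [n for n in [hub, *spokes.values()] if not n.subnet_of(sup)]
        if outside:
            raise ValueError(f"not covered by {sup}: {outside}")
    for name, lan in spokes.items():
        if sup is not None:
            remotes = [sup]
        else:
            remotes = [hub] + [n for s, n in spokes.items() if s != name]
        plan[name] = [(lan, r) for r in remotes]
        # The hub side of each tunnel mirrors the spoke's selectors.
        plan["hub"] += [(r, lan) for r in remotes]
    return plan

def entry_counts(plan):
    """Number of Phase 2 entries each site has to carry."""
    return {site: len(pairs) for site, pairs in plan.items()}

# Constructed addressing: hub 10.0.0.0/24, spokes 10.0.1.0/24 .. 10.0.25.0/24
SPOKES = {f"site{i:02d}": f"10.0.{i}.0/24" for i in range(1, 26)}

if __name__ == "__main__":
    full = entry_counts(phase2_plan("10.0.0.0/24", SPOKES))
    summ = entry_counts(phase2_plan("10.0.0.0/24", SPOKES, "10.0.0.0/16"))
    print("per-network:", full["site01"], "per spoke,", full["hub"], "on hub")
    print("supernet:   ", summ["site01"], "per spoke,", summ["hub"], "on hub")
```

Because the selectors also define which traffic is accepted through each tunnel, a wide supernet entry should be paired with firewall rules on the IPsec interface that limit what each site may actually reach.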