Multi branch office setup and routing



  • Hello,

    I'm just setting up a network infrastructure using pfSense as gateway/vpn-endpoint.

    I have several branch offices, each with its own subnet:
    Office A - 192.168.0.0/24
    Office B - 192.168.1.0/24
    Office C - 192.168.2.0/24

    All of them are linked using an IKEv2 tunnel each to an instance of pfSense in a datacenter with a "virtual" LAN there - 192.168.100.0/24. This works great, the offices can access resources in the datacenter LAN and vice versa (having adjusted the firewall settings correctly, of course).

    Now I would like to have the opportunity to access resources in Office B from inside Office A using the established VPN-connections. Therefore I would need to route traffic to 192.68.1.0/24 via the IPSec-tunnel (and not to the standard gateway). I've read in the forum that this is not possible via "routing settings" but you are advised to add another phase 2 to the existing tunnel(s).

    I tried this but couldn't figure out how to do it correctly. Could someone please give me a hint, which additional phase 2 settings are required at office a, office b and the datacentre?

    Thanks in advance!
    Andreas



  • +1



  • Why not just add a new VPN directly between the offices? Are you trying to route them all through the primary VPN?



  • Just to answer my own question: I abandoned the plan to do this via IPsec. I now used OpenVPN and it works: define site-to-site connections to your offices and a roadwarrior setup for your mobile devices.

