Multi branch office setup and routing

  • Hello,

    I'm just setting up a network infrastructure using pfSense as gateway/vpn-endpoint.

    I have several branch offices, each with its own subnet:
    Office A -
    Office B -
    Office C -

    All of them are linked using an IKEv2 tunnel each to an instance of pfSense in a datacenter with a "virtual" LAN there - This works great, the offices can access resources in the datacenter LAN and vice versa (having adjusted the firewall settings correctly, of course).

    Now I would like to have the opportunity to access resources in Office B from inside Office A using the established VPN-connections. Therefore I would need to route traffic to via the IPSec-tunnel (and not to the standard gateway). I've read in the forum that this is not possible via "routing settings" but you are advised to add another phase 2 to the existing tunnel(s).

    I tried this but couldn't figure out how to do it correctly. Could someone please give me a hint, which additional phase 2 settings are required at office a, office b and the datacentre?

    Thanks in advance!

  • +1

  • Why not just add a new VPN directly between the offices? Are you trying to route them all through the primary VPN?

  • Just to answer my own question: I abandoned the plan to do this via IPsec. I now used OpenVPN and it works: define site-to-site connections to your offices and a roadwarrior setup for your mobile devices.
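
As an added example (not from any poster in this thread): the phase 2 approach mentioned in the first post needs one extra traffic-selector pair per remote office on each spoke, mirrored on the hub's side of every tunnel. The sketch below computes that set and rejects overlapping subnets; the addresses and the names `phase2_plan` and `mirrored` are constructed for illustration, since the thread does not show the real subnets.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed addressing: the real subnets are not shown on the page.
HUB_LAN = "10.0.0.0/24"
SPOKES = {"office-a": "10.1.0.0/24", "office-b": "10.2.0.0/24", "office-c": "10.3.0.0/24"}

def phase2_plan(hub_lan, spokes):
    """Return {(device, peer): [(local, remote), ...]} for a hub-and-spoke setup."""
    nets = {name: ip_network(cidr) for name, cidr in spokes.items()}
    nets["hub"] = ip_network(hub_lan)
    # Policy-based IPsec picks a tunnel by selector match, so overlapping
    # subnets would make the choice ambiguous: refuse them up front.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            raise ValueError(f"{a} {na} overlaps {b} {nb}")
    plan = {}
    for name in spokes:
        others = [n for n in spokes if n != name]
        # Spoke side: own LAN towards the hub LAN and towards every other office.
        plan[(name, "hub")] = [(nets[name], nets["hub"])] + [
            (nets[name], nets[o]) for o in others
        ]
        # Hub side of the same tunnel: the exact mirror image.
        plan[("hub", name)] = [(nets["hub"], nets[name])] + [
            (nets[o], nets[name]) for o in others
        ]
    return plan

def mirrored(plan):
    """True if every selector has its (remote, local) twin on the far end."""
    return all(
        {(r, l) for l, r in pairs} == set(plan[(peer, dev)])
        for (dev, peer), pairs in plan.items()
    )

if __name__ == "__main__":
    plan = phase2_plan(HUB_LAN, SPOKES)
    for (dev, peer), pairs in plan.items():
        for local, remote in pairs:
            print(f"{dev:9} tunnel->{peer:9} local={local} remote={remote}")
    print("selectors mirrored on both ends:", mirrored(plan))
```

Each printed pair corresponds to one phase 2 entry on that device's tunnel; firewall rules still decide which of the matched traffic is actually allowed between offices.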
