pfSense Gold Subscription

Author Topic: VPN for multiple sites and subnets  (Read 130 times)

0 Members and 1 Guest are viewing this topic.

Offline SR190

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
VPN for multiple sites and subnets
« on: April 08, 2017, 01:07:35 pm »
I am trying to determine if pfSense is a viable firewall solution for the company that I work for.

We have a head office with two branch offices. We have at least two subnets that need to be tunneled from head office to each branch office. The first subnet is dedicated to a POS network, and the second subnet is dedicated to a Windows domain, with the PDC residing at head office.

Supposing that pfsense is installed at each location, how would one implement the site to site VPNs? Would there be any benefits of using OpenVPN over IPSec?

Offline SR190

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: VPN for multiple sites and subnets
« Reply #1 on: April 20, 2017, 08:27:45 pm »

Offline big_D

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: VPN for multiple sites and subnets
« Reply #2 on: April 21, 2017, 02:19:54 am »
I am still setting up our pfSense at the moment and still learning. But I would assume, that as long as the switches can handle the VLAN traffic, you just need to set up the right routing rules in pfSense to cope with it.

Ours is cleanly routing our VLAN traffic internally at the moment, but we haven't rolled out pfSense to the remote site yet, so I can't test sending subnets / VLAN traffic over the VPN connection.

OpenVPN is very easy to configure. I am currently configuring just client VPN access and, apart from a wierd certificate problem (see separate thread), it is very easy to configure and with the add-on for generating pre-configured packets, it is very easy to set up the VPN tunnel on the clients.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 7577
  • Karma: +891/-218
    • View Profile
Re: VPN for multiple sites and subnets
« Reply #3 on: April 21, 2017, 03:20:34 am »
OpenVPN is more flexible in routing, NAT, etc.

IPsec generally performs better at higher speeds.

Both will securely transport multiple subnets to and from the mothership.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help!