diff --git a/bin/setup-driver.sh b/bin/setup-driver.sh
index bd51c988bfadb8eddfc42746690c1f5f8b23c409..ca704212afdc4d85cb67a4e79a504cfd7c43ee65 100755
--- a/bin/setup-driver.sh
+++ b/bin/setup-driver.sh
@@ -81,6 +81,20 @@ if [ -n $aggprefix ] ; then
     ip route add 192.168.0.0/16 via $agg_gw
 fi
 
+#
+# The firewall node also needs routes to the VPN networks via the
+# concentrator.
+#
+if [ $HOSTNAME = "fw" ]; then
+    for aggprefix in $AGGREGATES ; do
+	agglan="${aggprefix}lan"
+	eval "varname=${agglan}_CIDR"
+	eval "agg_cidr=\$$varname"
+
+	ip route add $agg_cidr via $con_conlink_IP
+    done
+fi
+
 # Mark things as done right here, it's safe.
 touch $OURDIR/setup-driver-done