@tinfoilmatt I could just as well use OpenVPN for S2S as the workaround.
But I prefer WireGuard due to its simplicity - I find it’s just as fast as OpenVPN with hardware acc.
There is nothing wrong with either of those options - it’s just not enough in many cases… I’m not always in control of the other end’s hardware, and IPsec then becomes the golden standard, and thus required.
Also, I much prefer to have only one VPN engine/setup running on pfSense - my “KISS OCD” does not like having multiple different VPN suites/rules and setups running when just IPsec should be enough.
PS: The pfSense mobile warrior IPsec setup is not replaceable :-)
I, and my customers, absolutely LOVE the pfSense Mobile VPN with its simple setup and grouping of firewall rules due to multiple IP pools. Not having to deploy and maintain VPN clients, but just use the ones built into OSes, is an absolute WIN-WIN when coupled with 2FA from the MS Entra plugin to Microsoft’s NPS RADIUS server.