Netgate Discussion Forum

    New to Pfsense: Not sure where to start with VPN

      Kyle.Sutherland

      My company recently got a new pfSense box that has 2.0 loaded on it. Essentially, I don't know what to do or what is best for setting up VPN services. Here are my needs and this is the situation:

      1.  I do NOT need site to site.
      2.  I need my users on the road to be able to access network resources (network shares, license servers, intranet).
      3.  I do not want internet traffic routed through the VPN.
      4.  Ideally, we use the built-in Windows client to connect (XP or 7), but if it's no good and we should use Shrewsoft or something, feel free to say so.
      5.  We have a Windows Server domain controller that functions as DHCP server as well.
      6.  We have one user that uses a Mac.
      7.  We would like functionality for Android/iPad to get on the VPN as well.

      My principal is bent on using IPSec for some reason, but I can't figure out where to start with that.  And if it's silly to use that, feel free to say so.  I searched through forums and http://doc.pfsense.org/index.php/VPN_Capability_IPsec but that only talks about site to site.

      Any help/advice would be greatly appreciated.

        ccb056

        Best client I've found for connecting from behind super restrictive firewalls is OpenVPN. If all else fails, put it on TCP/443 and it should punch through. UDP is recommended though, as TCP over TCP can cause a snowball effect of problems if you get into packet loss.

          johnpoz LAYER 8 Global Moderator

          Not sure I would choose IPsec either; as pointed out, behind restrictive firewalls, connections to IPsec are quite often blocked. I can tell you for sure that I cannot do it from my work location. But OpenVPN using tcp 433 works just fine, and can even bounce that off an HTTP proxy.

          But if you have your heart set on using IPsec, it looks to be a simple setup under ipsec:mobile

          ipsecmobile.jpg

            dhatz

            @johnpoz:

            But if you have your heart set on using IPsec, it looks to be a simple setup under ipsec:mobile

            He might want to do a forum search first, as people seem to be having problems with IPsec mobile clients to pfSense 2.0.

            Also keep in mind that L2TP/IPsec (Windows prior to 7) and IKEv2 (Win7) don't work with pfSense.

            So using OpenVPN with mobile clients seems to be the best option.

              ResIpsa

              I would recommend using OpenVPN if possible.  I have to use IPSEC as I want VPN access from my iPhone and I cannot jailbreak because it is a work device.
