Netgate Discussion Forum

I want to communicate pfsense A to pfsense B

  • M
    makamancha03
    last edited by Jan 10, 2017, 2:50 AM

    Hello everyone, I'm just a new guy here. Please help me out.

    I installed 2 pfSense firewalls and configured them as well.

    pfSense 1. IP address: 192.168.1.1 - for department
               subnet: 255.255.255.0
               DNS address: 208.67.222.222 / 208.67.220.220

    pfSense 2. IP address: 192.168.3.1 - for students
               subnet: 255.255.255.0
               DNS address: 208.67.222.222 / 208.67.220.220

    Is it possible for these 2 pfSense firewalls to communicate, if ever I want to ping from pfSense 1 to pfSense 2 or vice versa? Or even remote desktop, shared files, etc.

    Can you please help me out with how to make these two pfSense firewalls communicate? I don't know which method I will use, whether OpenVPN, IPsec, DynDNS, etc.

    I'd appreciate it if you could help me with how to configure it. Thanks a lot.

    • D
      Derelict LAYER 8 Netgate
      last edited by Jan 10, 2017, 2:56 AM

      You should probably start with this:

      https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • M
        makamancha03
        last edited by Jan 13, 2017, 6:04 AM

        I already tried that method, but it didn't work. Must be missing something. Anyone who can share their ideas? Need help. Thanks.

        • D
          Derelict LAYER 8 Netgate
          last edited by Jan 13, 2017, 7:03 AM Jan 13, 2017, 6:59 AM

          "didn't work"

          That's the way to do it, dude. Can't tell what you did wrong with nothing but "didn't work." And I know you did something wrong because if you did it all right it would be working.

          Look at the diagram in my sig. pfSense A LAN (172.25.232.0/24) and pfSense B LAN (172.25.233.0/24) talk just fine over OpenVPN Site-to-Site.

          You will need to post screenshots of all your config pages, etc.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • A
            awair
            last edited by Feb 6, 2017, 6:15 PM

            You could also try IPSec, if you want to do site-to-site.

            Suggest for either case you set up two clients in the same private LAN or lab, before checking this out over the internet.

            I spent just over a month testing both OpenVPN & IPSec, before going live. When I did, it all just worked as per the manual.

            If you use the OpenVPN wizard, then the appropriate Firewall rules are created. This doesn't seem to happen with IPSec.

            Maybe one of the experts can advise on the relative merits of OpenVPN vs IPSec. (I just copied what was working with my old Linksys routers, and will implement improvements incrementally.)

            Good luck.

            2.4.3 (amd64)
            and given up on the SG-1000

            • D
              Derelict LAYER 8 Netgate
              last edited by Feb 6, 2017, 11:43 PM

              OpenVPN is routed, IPsec traffic selectors are in the kernel

              You can policy route into OpenVPN, not so with IPsec

              Along those lines you can forward traffic from the internet over OpenVPN to a target host and get the benefit of reply-to for the reply traffic. Not so with IPsec.

              IPsec generally performs faster than OpenVPN

              You generally don't have a lot of interoperability issues with OpenVPN. IPsec, particularly IKEv1, can be, umm, challenging.

              That's my short list of important differences

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)
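
As an added example (not from any poster in this thread and not pfSense code): a Python check of the addressing a routed site-to-site tunnel depends on, using the two LANs from the first post. The tunnel network 10.0.8.0/30 and all function names are assumptions made for illustration.

```python
import ipaddress


def lan_network(ip, netmask):
    """Turn an interface address plus netmask into the network to route."""
    return ipaddress.ip_interface(f"{ip}/{netmask}").network


def plan_site_to_site(site_a, site_b, tunnel_cidr):
    """Return (problems, plan) for two sites given as (ip, netmask) tuples.

    plan[side]["remote"] is the network that side must route into the tunnel.
    """
    net_a = lan_network(*site_a)
    net_b = lan_network(*site_b)
    tunnel = ipaddress.ip_network(tunnel_cidr)
    problems = []
    # Identical or overlapping LANs cannot be routed to each other.
    if net_a.overlaps(net_b):
        problems.append(f"LANs overlap: {net_a} and {net_b}")
    # The tunnel network must be distinct from both LANs.
    for name, net in (("A", net_a), ("B", net_b)):
        if tunnel.overlaps(net):
            problems.append(f"tunnel {tunnel} overlaps LAN {name} {net}")
    plan = {
        "A": {"local": str(net_a), "remote": str(net_b)},
        "B": {"local": str(net_b), "remote": str(net_a)},
    }
    return problems, plan


def routed_over_tunnel(plan, side, dest_ip):
    """True if dest_ip falls inside the remote network configured on `side`."""
    remote = ipaddress.ip_network(plan[side]["remote"])
    return ipaddress.ip_address(dest_ip) in remote


if __name__ == "__main__":
    # Addresses from the first post; the tunnel network is an assumed value.
    department = ("192.168.1.1", "255.255.255.0")
    students = ("192.168.3.1", "255.255.255.0")
    problems, plan = plan_site_to_site(department, students, "10.0.8.0/30")
    print("problems:", problems or "none")
    for side, nets in plan.items():
        print(f"pfSense {side}: local {nets['local']}, remote {nets['remote']}")
    print("A -> 192.168.3.50 via tunnel:", routed_over_tunnel(plan, "A", "192.168.3.50"))
```

Because this joins a department LAN to a student LAN, the firewall rules on the tunnel interface decide which of those routed destinations are actually reachable.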
