Netgate Discussion Forum

    I want to communicate pfsense A to pfsense B

    OpenVPN

      makamancha03

      Hello everyone, I'm just a new guy here. Please help me out.

      I installed 2 pfSense firewalls and configured them as well.

      pfSense 1. IP address: 192.168.1.1 - for department
                      subnet: 255.255.255.0
                      DNS address: 208.67.222.222 / 208.67.220.220

      pfSense 2. IP address: 192.168.3.1 - for students
                      subnet: 255.255.255.0
                      DNS address: 208.67.222.222 / 208.67.220.220

      Is it possible for these 2 pfSense firewalls to communicate, if ever I want to ping from pfSense 1 to pfSense 2 or vice versa? Or even remote desktop, shared files, etc.

      Can you please help me out with how to get these two pfSense firewalls to communicate? I don't know which method I will use: OpenVPN, IPsec, DynDNS, etc.

      I'd appreciate it if you could help me with how to configure it. Thanks a lot.

        Derelict LAYER 8 Netgate

        You should probably start with this:

        https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          makamancha03

          I already tried that method, but it didn't work. Must be missing somethin'. Anyone who can share their ideas? Need help. Thanks.

            Derelict LAYER 8 Netgate

            "didn't work"

            That's the way to do it, dude. Can't tell what you did wrong with nothing but "didn't work." And I know you did something wrong because if you did it all right it would be working.

            Look at the diagram in my sig. pfSense A LAN (172.25.232.0/24) and pfSense B LAN (172.25.233.0/24) talk just fine over OpenVPN Site-to-Site.

            You will need to post screenshots of all your config pages, etc.

              awair

              You could also try IPSec, if you want to do site-to-site.

              Suggest for either case you set up two clients in the same private LAN or lab, before checking this out over the internet.

              I spent just over a month testing both OpenVPN & IPSec, before going live. When I did, it all just worked as per the manual.

              If you use the OpenVPN wizard, then the appropriate Firewall rules are created. This doesn't seem to happen with IPSec.

              Maybe one of the experts can advise of the relative merits of OpenVPN vs IPSec. (I just copied what was working with my old Linksys routers, and will implement improvements incrementally.)

              Good luck.

              2.4.3 (amd64)
              and given up on the SG-1000

                Derelict LAYER 8 Netgate

                OpenVPN is routed, IPsec traffic selectors are in the kernel

                You can policy route into OpenVPN, not so with IPsec

                Along those lines you can forward traffic from the internet over OpenVPN to a target host and get the benefit of reply-to for the reply traffic. Not so with IPsec.

                IPsec generally performs faster than OpenVPN

                You generally don't have a lot of interoperability issues with OpenVPN. IPsec, particularly IKEv1, can be, umm, challenging.

                That's my short list of important differences

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.