Setting up the pfSense as a mobile client (not as a server)

yi2020 · Nov 28, 2016, 5:40 PM

We have a corp VPN (Fortinet) which allows mobile clients (what's called "Cisco IPsec" VPN on MacOS). It uses a PSK, username and password.

I want the pfSense to connect to it. Since the pfSense is the default gateway for my internal LAN, what I would want to happen is that my internal hosts forward their traffic to the pfSense which chooses to send them over the VPN to the corp VPN instead of to the Internet.

I don't want to go through the work of setting up full S2S ipsec with two phases etc. (I don't control the Fortinet).

How do I accomplish this?

bachi · Jan 6, 2017, 11:26 PM

I'm also interested in this kind of setup. Is it possible somehow?

artooro · Mar 20, 2021, 2:03 AM

I was just searching this topic, not for the same use case but to centrally manage a lot of pfSense appliances, I think being able to set them up as IPsec clients with a virtual IP would be useful.
At this time I have to create a separate tunnel for each managed pfSense, instead of dynamically provisioning virtual IPs via Radius.

I'm pretty sure the answer is no, and the strongswan virtual IP option cannot be used with pfSense as a client.