    I want to communicate pfsense A to pfsense B

    • M
      makamancha03 last edited by

      Hello everyone, I'm just a new guy here. Please help me out.

      I installed 2 pfSense firewalls and configured them as well.

      pfSense 1. IP address: 192.168.1.1 - for department
                 subnet: 255.255.255.0
                 DNS address: 208.67.222.222 / 208.67.220.220

      pfSense 2. IP address: 192.168.3.1 - for students
                 subnet: 255.255.255.0
                 DNS address: 208.67.222.222 / 208.67.220.220

      Is it possible for these 2 pfSense firewalls to communicate, if ever I want to ping from pfSense 1 to pfSense 2 or vice versa? Or even remote desktop, shared files, etc.

      Can you please help me out with how to make these two pfSense firewalls communicate? I don't know which method I will use: OpenVPN, IPsec, DynDNS, etc.

      I'd appreciate it if you help me with how to configure this. Thanks a lot.

      • Derelict
        Derelict LAYER 8 Netgate last edited by

        You should probably start with this:

        https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • M
          makamancha03 last edited by

          I already tried that method, but it didn't work. Must be missing something. Anyone who can share their ideas? Need help. Thanks.

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            "didn't work"

            That's the way to do it, dude. Can't tell what you did wrong with nothing but "didn't work." And I know you did something wrong because if you did it all right it would be working.

            Look at the diagram in my sig. pfSense A LAN (172.25.232.0/24) and pfSense B LAN (172.25.233.0/24) talk just fine over OpenVPN Site-to-Site.

            You will need to post screenshots of all your config pages, etc.

            • A
              awair last edited by

              You could also try IPSec, if you want to do site-to-site.

              Suggest for either case you set up two clients in the same private LAN or lab, before checking this out over the internet.

              I spent just over a month testing both OpenVPN & IPSec, before going live. When I did, it all just worked as per the manual.

              If you use the OpenVPN wizard, then the appropriate Firewall rules are created. This doesn't seem to happen with IPSec.

              Maybe one of the experts can advise of the relative merits of OpenVPN vs IPSec. (I just copied what was working with my old Linksys routers, and will implement improvements incrementally.)

              Good luck.

              2.4.3 (amd64)
              and given up on the SG-1000

              • Derelict
                Derelict LAYER 8 Netgate last edited by

                OpenVPN is routed, IPsec traffic selectors are in the kernel

                You can policy route into OpenVPN, not so with IPsec

                Along those lines you can forward traffic from the internet over OpenVPN to a target host and get the benefit of reply-to for the reply traffic. Not so with IPsec.

                IPsec generally performs faster than OpenVPN

                You generally don't have a lot of interoperability issues with OpenVPN. IPsec, particularly IKEv1, can be, umm, challenging.

                That's my short list of important differences
