I want to communicate pfsense A to pfsense B



  • Hello everyone I'm just a new guy here. Please help me out.

    I installed 2 pfSense firewalls and configured them as well.

    pfsense 1. ip address: 192.168.1.1 - for department
               subnet: 255.255.255.0
               dns address: 208.67.222.222 / 208.67.220.220

    pfsense 2. ip address: 192.168.3.1 - for students
               subnet: 255.255.255.0
               dns address: 208.67.222.222 / 208.67.220.220

    Is it possible for these 2 pfSense firewalls to communicate, if ever I want to ping from pfsense 1 to pfsense 2 or vice versa? Or even remote desktop, shared files, etc.

    Can you please help me out with how to make these two pfSense firewalls communicate? I don't know which method I will use, whether OpenVPN, IPsec, DynDNS, etc.

    Appreciate it if you help me with how to configure. Thanks a lot.


  • Netgate

    You should probably start with this:

    https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site



  • I already tried that method, but it didn't work. Must be missing somethin'. Anyone who can share their ideas? Need help. Thanks.


  • Netgate

    "didn't work"

    That's the way to do it, dude. Can't tell what you did wrong with nothing but "didn't work." And I know you did something wrong because if you did it all right it would be working.

    Look at the diagram in my sig. pfSense A LAN (172.25.232.0/24) and pfSense B LAN (172.25.233.0/24) talk just fine over OpenVPN Site-to-Site.

    You will need to post screenshots of all your config pages, etc.


  • Rebel Alliance

    You could also try IPSec, if you want to do site-to-site.

    Suggest for either case you set up two clients in the same private LAN or lab, before checking this out over the internet.

    I spent just over a month testing both OpenVPN & IPSec, before going live. When I did, it all just worked as per the manual.

    If you use the OpenVPN wizard, then the appropriate Firewall rules are created. This doesn't seem to happen with IPSec.

    Maybe one of the experts can advise of the relative merits of OpenVPN vs IPSec. (I just copied what was working with my old Linksys routers, and will implement improvements incrementally.)

    Good luck.


  • Netgate

    OpenVPN is routed, IPsec traffic selectors are in the kernel.

    You can policy route into OpenVPN, not so with IPsec.

    Along those lines you can forward traffic from the internet over OpenVPN to a target host and get the benefit of reply-to for the reply traffic. Not so with IPsec.

    IPsec generally performs faster than OpenVPN.

    You generally don't have a lot of interoperability issues with OpenVPN. IPsec, particularly IKEv1, can be, umm, challenging.

    That's my short list of important differences.