Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN site-to-site tunnel between VyOS and pfSense

    Scheduled Pinned Locked Moved IPsec
    3 Posts 3 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cs9112
      last edited by

      Hi, I would like to create VPN tunnel site-to-site between VyOS and pfSense routers. When I created a configuration between devices, connection is established but tunnel is not up. What I should to change? I can ping from pfSense to VyOS and vice versa. VyOS ip: 192.168.2.1/24 PFsense ip: 192.168.2.33/24

      Config VYOS

      vpn {
ipsec {
    esp-group ESP-1W {
        compression disable
        lifetime 1800
        mode tunnel
        pfs enable
        proposal 1 {
            encryption aes256
            hash sha1
        }
        proposal 2 {
            encryption 3des
            hash md5
        }
    }
    ike-group IKE-1W {
        ikev2-reauth no
        key-exchange ikev1
        lifetime 3600
        proposal 1 {
            encryption aes256
            hash sha1
        }
        proposal 2 {
            encryption aes128
            hash sha1
        }
    }
    ipsec-interfaces {
        interface eth1
    }
    site-to-site {
        peer 192.168.2.33 {
            authentication {
                mode pre-shared-secret
                pre-shared-secret test_key_1
            }
            connection-type initiate
            default-esp-group ESP-1W
            ike-group IKE-1W
            ikev2-reauth inherit
            local-address 192.168.2.1
            tunnel 1 {
                allow-nat-networks disable
                allow-public-networks disable
                local {
                    prefix 192.168.40.0/24
                }
                remote {
                    prefix 192.168.60.0/24
                }
            }
        }
    }
}
}

      Config pfSense


      1 Reply Last reply Reply Quote 0
      • B
        barnettd
        last edited by

        On phase 2 config at pfsense, try specifying a network instead of LAN subnet.

        1 Reply Last reply Reply Quote 0
        • M
          mikee
          last edited by

          You are not showing the phase2 config you are using in the pfSense and that is what it is failing.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.