IPSec Site to site VPN



  • Hello guys!

    I am very new to pfSense or any other firewall. I just graduated from college and have no experience yet in setting up a site-to-site VPN. I am sorry for asking here; maybe the answer to my question is too easy, but I already tried to search for this on Google and cannot find an answer.

    So this is it. The company bought two pfSense firewalls so I can connect the branch and main office through a VPN. A friend suggested that I use IPsec and I followed everything he said. After that, when I connect the IPsec VPN, the status on both sides changes to "connecting" only and does not connect. It seems they discover each other, because when I click connect VPN on either of the two, they both update each other's status to "connecting", but it stops right there.

    I am really trying to fix this myself by searching online but no luck.

    I attached a picture of my network diagram; I hope someone can help me make this thing work. Thank you so much guys!



  • Netgate

    You are going to have to do what you need to do on those upstream devices to make it work, it sounds like.

    If they can do some sort of PPPoE pass through so pfSense itself is the PPPoE client you will probably be happier.

    If not, the first thing I would check is that IPsec on both sides is set to use the public IP address as the identifier.

    If you just set My IP Address as My Identifier on the left side and connect to 124.107.X.X, and they are configured to expect 180.190.y.y as the identifier, it won't work.

    If you configure the left side to be My Identifier: IP Address: 180.190.y.y it might work.

    If those PPPoE addresses are not static (you get the same assignment every time) but dynamic (they change), you will probably have to move to setting the IDs on both sides to a distinguished name set to a dynamic DNS name that changes with the PPPoE address.

    PPPoE pass through on the ISP devices is probably the easiest thing.
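As an added illustration (not from the thread or from pfSense itself), a small Python check that models the identifier mismatch described in the reply: with both firewalls behind PPPoE/NAT devices, "My IP Address" evaluates to the private WAN address while the peer expects the public address it dials. Side names, addresses and field names are constructed stand-ins modelled on pfSense's phase 1 identifier options.

```python
# Added example: models the IKE identifier mismatch the reply describes.
# Not pfSense code; field values mirror the pfSense phase 1 "My identifier"
# and "Peer identifier" options, and all addresses are constructed stand-ins.
from dataclasses import dataclass

@dataclass
class Side:
    name: str
    wan_ip: str           # address on pfSense's own WAN (private behind a PPPoE/NAT box)
    remote_gateway: str   # the public address this side dials
    myid_type: str        # "myaddress" (My IP Address), "address", "fqdn", "dyn_dns"
    myid_data: str = ""   # value for the explicit identifier types
    peerid_type: str = "peeraddress"  # or "address" / "fqdn"
    peerid_data: str = ""

def sent_identifier(s: Side) -> str:
    """Identifier this side places in its IKE ID payload."""
    if s.myid_type == "myaddress":
        return s.wan_ip   # behind NAT this is the private address, not the public one
    return s.myid_data

def expected_identifier(s: Side) -> str:
    """Identifier this side demands from the peer."""
    if s.peerid_type == "peeraddress":
        return s.remote_gateway
    return s.peerid_data

def check_pair(a: Side, b: Side) -> list:
    """Return one message per direction whose identifiers disagree (empty = consistent)."""
    problems = []
    for src, dst in ((a, b), (b, a)):
        sent, want = sent_identifier(src), expected_identifier(dst)
        if sent != want:
            problems.append(f"{dst.name} expects {want!r} but {src.name} sends {sent!r}")
    return problems

# Constructed scenario: both firewalls sit behind PPPoE routers (TEST-NET addresses).
MAIN_PUBLIC, BRANCH_PUBLIC = "198.51.100.10", "203.0.113.20"

def broken_pair():
    """Both sides use My IP Address, so each sends its private WAN address."""
    main = Side("main", "192.168.100.2", BRANCH_PUBLIC, "myaddress")
    branch = Side("branch", "192.168.200.2", MAIN_PUBLIC, "myaddress")
    return check_pair(main, branch)

def fixed_pair():
    """Each side announces its public address explicitly, as the reply suggests."""
    main = Side("main", "192.168.100.2", BRANCH_PUBLIC, "address", MAIN_PUBLIC)
    branch = Side("branch", "192.168.200.2", MAIN_PUBLIC, "address", BRANCH_PUBLIC)
    return check_pair(main, branch)
```

Running `broken_pair()` reports a mismatch in each direction, and `fixed_pair()` returns an empty list; for dynamic PPPoE addresses the same check applies with `myid_type="dyn_dns"` and `peerid_type="fqdn"` carrying the DNS names.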