Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense Site to Site VPN AND Remote Acess Client using IPSec???

    Scheduled Pinned Locked Moved
    OpenVPN
    ipsec openvpn vpn client vpn
    2
    4
    950
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      treborjm87
      last edited by treborjm87

      Can’t seem to find a definite yes to my question. I have had Site to Site working for awhile, but now need a remote client capability as well. I have had a OpenVPN Server working in the past for a single Remote Access Client.

      If this isn’t possible, what combination will work?

      I’m assuming that processing speed will come into play trying to run a Site to Site and a Remote Access server (with AES encryption) on the same instance. I may need to move to a more powerful server on one end.

      Thanks for any help!

      Rob

      1 Reply Last reply Reply Quote 0
      • P
        piousgreek
        last edited by piousgreek

        Yes, you can have site to site as one server and remote access for a road warrior on another instance. Servers would have different listening ports and configs. Doing everything in openvpn would probably be easier, but you can have an ipsec instance as well.

        OpenVPN shared key site to site only allows one client per server. SSL TLS site to site allows multiple clients on the same server instance.

        Remote access warriors can share there own config and server.

        You can set up routes or configure it for access across the different tunnels.

        Not sure what hardware you need to satisfy your use case.

        1 Reply Last reply Reply Quote 0
        • T
          treborjm87
          last edited by

          That’s a great input! I really do appreciate it. Yeah, I’m not sure if my PfSense processor will be able to handle the extra load or not. I don’t really have any huge amounts of sensitive data going between my sites, but I still opted to run high encryption In case I ever step up the sensitive data. The AMD CPU has AES instructions, but I can still see a dramatic increase in CPU use when traffic is passing between sites. This is a HP t620 plus. (Specs: HP Flexible t620 PLUS - tower - GX-420CA 2 GHz 4GB RAM; 16 GB SSD) I am just curious as to what most folks are using for processing a Site to Site and a Remote Access Client using IPSec.

          P 1 Reply Last reply Reply Quote 0
          • P
            piousgreek @treborjm87
            last edited by

            @treborjm87

            I'd be curious about this as well...

            I think you need to establish how much throughput/bandwidth you need and how many concurrent user connections you anticipate, etc? (Is this box dedicated to routing and VPN only or more exotic use cases like running VMs, etc)

            I've seen some charts floating around with hardware recommendations based on required throughput here and at the servethehome website.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post