Pfsense to pfsense VPN



  • I'm looking to set up a VPN between two pfsense boxes.
    I've tried using the ipsec/pfsense tutorial, but that didn't work.

    First off, should I use openVPN or IPsec?
    I can handle shell commands, but the person on the other end would be better off sticking to a GUI.

    Any suggestions?



  • It depends on which VPN implementation is more suitable for you, but IPsec with a shared secret is much easier to set up than OpenVPN. IPsec needs at least 1 static IP at one end. The other end can be dynamic (as shown in the tutorial). Setting it up with static IPs at both ends is even easier, as you don't have to add identifiers but can use the static IPs of both ends to authenticate.

    What do your WANs at both ends look like? Dynamic IPs? Public IPs at WAN or some natting routers in front?

    Btw, you shouldn't need to set up anything at the shell level, as these settings will be overwritten on config changes via the GUI or on reboot anyway (everything is reconfigured from the webgui and the config.xml).



  • Hello friends, I wanted to know how to generate a shared key for OpenVPN?





  • @hoba:

    It depends on which VPN implementation is more suitable for you, but IPsec with a shared secret is much easier to set up than OpenVPN. IPsec needs at least 1 static IP at one end. The other end can be dynamic (as shown in the tutorial). Setting it up with static IPs at both ends is even easier, as you don't have to add identifiers but can use the static IPs of both ends to authenticate.

    What do your WANs at both ends look like? Dynamic IPs? Public IPs at WAN or some natting routers in front?

    Btw, you shouldn't need to set up anything at the shell level, as these settings will be overwritten on config changes via the GUI or on reboot anyway (everything is reconfigured from the webgui and the config.xml).

    I have two non-NAT/non-firewalled public dynamic IPs; however, they hardly ever change, and it isn't a problem for me to change it whenever it breaks (every 2 months or so).
    I can set up a hostname for one of the ends, but I don't know if there's a way I can get IPsec to resolve that.



  • just posted this yesterday:

    http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense

    it explains client->pfsense connections, but you should be able to use the information for pfsense->pfsense type connections



  • Robbyt,
    Thanks for the great doc!
    I think I successfully generated my keys and configured my PFsense box.
    The other side is an IPcop box with OpenVPN installed. I've tried to create it as the client.
    However, it just doesn't seem to ever open the VPN.

    On PFsense, do I need to create any rules or set up NAT for port 1194? Does OpenVPN run on the WAN NIC?

    I feel like I'm missing a critical step here.

    Thanks
    -N

