Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    L2TP/IPsec VS OpenVPN on pfSense

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 5 Posters 953 Views 5 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • NollipfSenseN Offline
      NollipfSense
      last edited by

      There isn't a VPN section so I post here. I am very familiar with L2TP/IPsec on Mikrotik but have never installed or configured it on pfSense. So, what is the experience of users of pfSense? What I'll be using VPN for is road warrior setup to check home, such as view cameras, check AC, or grab a file, or maybe later, open door for domestic worker, etc. My days of watching friend’s movies from their servers are over.

      pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
      pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

      JKnottJ 1 Reply Last reply Reply Quote 0
      • N Offline
        netblues
        last edited by netblues

        Wireguard? (for the ones who like the bleeding edge..)
        Apart from that, since you mention road warrior , I would say openvpn, just because it works everywhere, even behind double nat.
        This isn't always the case with ipsec

        1 Reply Last reply Reply Quote 0
        • JKnottJ Offline
          JKnott @NollipfSense
          last edited by

          @nollipfsense

          Actually, there are 3 I can think of, IPSec, OpenVPN and Wireguard. OpenVPN has long been popular for personal use, though Wireguard is coming along too. I have set up OpenVPN for my own use and IPSec for businesses, but have not done anything with Wireguard. There's one thing you have to be careful of though. With IPv4 & NAT, you might find yourself with the same network address at both ends, which will make the VPN unusable.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          NollipfSenseN 1 Reply Last reply Reply Quote 0
          • stephenw10S Online
            stephenw10 Netgate Administrator
            last edited by

            Yeah, I would start with OpenVPN and then look at other things if you need more speed.

            1 Reply Last reply Reply Quote 0
            • NollipfSenseN Offline
              NollipfSense @JKnott
              last edited by

              @jknott said in L2TP/IPsec VS OpenVPN on pfSense:

              I have set up OpenVPN for my own use and IPSec for businesses

              My use case is both personal, and business (home office) so I'll emulate yours.

              pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
              pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

              ? 1 Reply Last reply Reply Quote 0
              • ? Offline
                A Former User @NollipfSense
                last edited by

                @nollipfsense said in L2TP/IPsec VS OpenVPN on pfSense:

                My use case is both personal, and business (home office) so I'll emulate yours.

                Hello,

                a little bit late but for the records it is also pending on what hardware is in usage and for what you need it.

                • pfSense to pfSense I would prefer IPsec with QAT on
                  (if available on both sides)

                • pfSense to other I would prefer IPSec with AES-NI on|-left aligned paragraph

                • Mobile device to pfSense IPSec is your hero

                • OpenVPN became or is the hidden defacto industrial standard

                • WireGuard the future hope

                • IPSec war proofed and spread out widely

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.