VPN Configuration Question
-
This is more of a pre-sales question, but I have 3 sites all with different edge devices: a SonicWall, an EdgeRouter X and an EdgeRouter 4. Right now there is an IPSec Site-to-Site VPN between the main site and each of the sub sites. The sub sites do not need to communicate with each other.
I want to swap each device out with a 6100 and wanted to make sure that I could setup the same configuration? If so, would I want to do that with OpenVPN? I'm not sure where to start with finding instructions on setting it up, because I'm not sure of the best way to do things.
Thank you!
-
@spyderturbo007 said in VPN Configuration Question:
I want to swap each device out with a 6100 and wanted to make sure that I could setup the same configuration? If so, would I want to do that with OpenVPN? I'm not sure where to start with finding instructions on setting it up, because I'm not sure of the best way to do things.
I wouldn't use OVPN for multiple Site to Site networks. IPsec, Wireguard, etc., are very much geared to this and make it very easy to deploy. https://docs.netgate.com/pfsense/en/latest/recipes/index.html#ipsec
-
@rcoleman-netgate said in VPN Configuration Question:
@spyderturbo007 said in VPN Configuration Question:
I want to swap each device out with a 6100 and wanted to make sure that I could setup the same configuration? If so, would I want to do that with OpenVPN? I'm not sure where to start with finding instructions on setting it up, because I'm not sure of the best way to do things.
I wouldn't use OVPN for multiple Site to Site networks. IPsec, Wireguard, etc., are very much geared to this and make it very easy to deploy. https://docs.netgate.com/pfsense/en/latest/recipes/index.html#ipsec
Whoa. That was the fastest response in the history of support responses.
Thank you so much @rcoleman-netgate
I would also want to setup a VPN for individual users. Would the best option there be OpenVPN?
Any thoughts on IPsec vs Wireguard?
-
@spyderturbo007 Part of my job involves monitoring the forums and reddit :D
I have no thoughts on Wireguard, to be honest. I haven't had a chance to really work with it yet -- the one time I did a test deployment I bungled it.
Personally I am not a fan of OVPN. I know it works. But I can just as easily disable a login user for IPSEC RA. IPsec is bullet-proof once you get it going. I also have mine set up as a full-tunnel so all the traffic comes through home/DC and that is really helpful when road warrioring.
But OVPN will work almost anywhere... which is why it's so popular.
-
I'm circling back to this now that my hardware got delivered. I might have miscalculated when I made my purchase, but I think it might be too late now. I purchased 3 x 6100. I think getting something more powerful for the main location and less powerful for the remote locations might have been a better choice. Oh well. Live and learn.
Anyway, so from what I gather from your posts, I should go with IPSec for the site to site VPNs and Wireguard for the client to site work from home instances? Would that work better than OVPN for client to site?
What's the best walkthrough for me to use to set this up? Two locations have a domain controller (two separate domains with an AD trust) and the 3rd location uses the DC on the other side of the current VPN.
Do I want to use this example?
https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-psk.html
Also, is there an easy way for me to test this at my desk? So I could get it setup and then physically install the hardware? As opposed to having to drive around in circles until I get it working.
Thank you!
-
Not exactly what you asked for, I do not have multiple pfSense devices here in real action.
I am using IPsec for site-2-site VPN, but because the remote devices support only IPsec v1, the VPN connection is only established on demand (I enable the tunnel in the pfSense GUI).
For remote access to my LAN I use both, IPsec (v2) and Wireguard.
Wireguard is really fast compared to IPsec, but some complain that the client is less secure when the mobile device gets lost. With IPsec, you can specify an individual password when establishing the connection; with Wireguard all settings are stored in the configuration. So if someone has physical access to the mobile device, he just opens the Wireguard app and is able to establish a connection.
Regards
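The last post's point is that a WireGuard client config carries every credential needed to connect, so a lost phone or laptop is a live key until its peer is removed on the hub. The script below is an added example written for this thread, not code from the forum, Netgate or the WireGuard project. It parses WireGuard's INI-style config format, flags the risk factors a defender would want to see (plaintext private key, missing PresharedKey, full-tunnel AllowedIPs), and shows the actual remediation for a lost device: dropping that device's [Peer] block from the hub config. The two configs are constructed samples and all key values are placeholders.

```python
"""Audit a WireGuard client config and revoke a lost device's peer on the hub.

Added example for the thread above; the config files are constructed and the
key material consists of placeholders, not real keys.
"""
import re
from typing import Dict, List, Tuple

# Constructed mobile-client config of the kind the post describes: the private
# key, the peer's preshared key and the endpoint all live in one file.
CLIENT_CONF = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER=
Address = 10.8.0.2/32
DNS = 10.0.0.1

[Peer]
PublicKey = HUB_PUBKEY_PLACEHOLDER=
PresharedKey = PSK_PLACEHOLDER=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:51820
PersistentKeepalive = 25
"""

# Constructed hub (pfSense-side) config with two road-warrior peers.
HUB_CONF = """\
[Interface]
PrivateKey = HUB_PRIVATE_KEY_PLACEHOLDER=
ListenPort = 51820
Address = 10.8.0.1/24

[Peer]
# alice-phone (the lost device)
PublicKey = ALICE_PHONE_PUBKEY_PLACEHOLDER=
AllowedIPs = 10.8.0.2/32

[Peer]
# bob-laptop
PublicKey = BOB_LAPTOP_PUBKEY_PLACEHOLDER=
AllowedIPs = 10.8.0.3/32
"""

# A parsed section: its name, its key/value pairs (keys lower-cased) and the
# raw lines, kept so a section can be written back out unchanged.
Section = Tuple[str, Dict[str, str], List[str]]


def parse_wg_conf(text: str) -> List[Section]:
    """Split a WireGuard config into [Interface]/[Peer] sections."""
    sections: List[Section] = []
    for line in text.splitlines():
        stripped = line.strip()
        header = re.fullmatch(r"\[(\w+)\]", stripped)
        if header:
            sections.append((header.group(1), {}, [line]))
            continue
        if not sections:
            continue  # ignore anything before the first section header
        sections[-1][2].append(line)
        if not stripped or stripped.startswith(("#", ";")):
            continue  # blank line or comment: kept in raw lines, not a key
        key, _, value = stripped.partition("=")  # split at the first '=' only
        sections[-1][1][key.strip().lower()] = value.strip()
    return sections


def audit_client_conf(text: str) -> List[str]:
    """Return human-readable findings about a client config's exposure."""
    findings: List[str] = []
    for name, keys, _ in parse_wg_conf(text):
        if name == "Interface" and "privatekey" in keys:
            # Inherent to WireGuard: possession of the file is possession of
            # the identity, so protect the file and plan for revocation.
            findings.append("private key stored in plaintext in the config file")
        if name == "Peer":
            if "presharedkey" not in keys:
                findings.append("peer has no PresharedKey (no extra symmetric secret)")
            allowed = [a.strip() for a in keys.get("allowedips", "").split(",") if a.strip()]
            if any(a in ("0.0.0.0/0", "::/0") for a in allowed):
                findings.append("full-tunnel peer (AllowedIPs covers all traffic)")
    return findings


def revoke_peer(hub_text: str, public_key: str) -> str:
    """Return the hub config with the [Peer] block for public_key removed.

    Removing the device's public key on the hub is what actually cuts off a
    lost WireGuard client; nothing on the client side can be relied on.
    """
    kept: List[str] = []
    for name, keys, raw in parse_wg_conf(hub_text):
        if name == "Peer" and keys.get("publickey") == public_key:
            continue
        kept.extend(raw)
    return "\n".join(kept).rstrip("\n") + "\n"


if __name__ == "__main__":
    for finding in audit_client_conf(CLIENT_CONF):
        print("client:", finding)
    print(revoke_peer(HUB_CONF, "ALICE_PHONE_PUBKEY_PLACEHOLDER="))
```

On pfSense the same revocation is done by deleting the peer in the WireGuard package's GUI; the script shows what that operation amounts to in the on-disk format, and the audit gives a checklist for client configs handed to users.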