Netgate Discussion Forum
    Make setting up IPSec site to site VPN's easier

    2.0-RC Snapshot Feedback and Problems - RETIRED
    11 Posts 4 Posters 5.3k Views
    • jlepthien

      Easier? It is more than easy now. Look at some big StoneGates…..That is not easy ;-)

      Edit: End with this lame setup you even cannot decide which settings you like. What kind of encryption? Hash? Lifetimes? Pretty insecure....

      | apple fanboy | music lover | network and security specialist | in love with cisco systems |

      • jimp (Rebel Alliance Developer, Netgate)

        That method also does not let you have multiple phase 2 subnets, like the one on 2.0 does.

        There is always a security-vs-convenience tradeoff. Nothing (really) easy is (really) secure, or in this case, also flexible/configurable.

        Though someone could write a simple IPsec wizard which would take basic settings such as this and setup the tunnel which can later be adjusted by hand.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • rugby

          @jlepthien:

          Easier? It is more than easy now. Look at some big StoneGates…..That is not easy ;-)

          Edit: End with this lame setup you even cannot decide which settings you like. What kind of encryption? Hash? Lifetimes? Pretty insecure....

          You can do an advanced setup on the SG's and define all of that information. That's how I get my PFSense 2 boxes to communicate with them. I am not an IPSec dummy, but for the life of me I cannot get 2 PFsense 2 boxes to establish site to site IPSec vpn tunnels for some reason. Both have static IP's and still no luck.

          • rugby

            @jimp:

            That method also does not let you have multiple phase 2 subnets, like the one on 2.0 does.

            There is always a security-vs-convenience tradeoff. Nothing (really) easy is (really) secure, or in this case, also flexible/configurable.

            Though someone could write a simple IPsec wizard which would take basic settings such as this and setup the tunnel which can later be adjusted by hand.

            I think a wizard might be a good idea. There are SO many options available that streamlining the process might work.

            • jlepthien

              Nowadays IPSec is such an easy task to do, especially if both ends are the same. There is not much that you need to think about ;-)


              • _igor_

                I think one or two or maybe more tutorials will make that thing easier. Mostly you connect to other appliances than pfSense. This is the real hard thing, where more possibilities make life easier. Thinking in just that about special settings, one is supported on the other side, others not. Without all settings available you will be lost.
                A good example for IPSec clients is IPSecuritas (for Mac only). Best soft I know, free, and lots of tutorials and help.

                So if anyone has success with a special setting, make it public for others please! Thanks.

                • jimp (Rebel Alliance Developer, Netgate)

                  There are lots of interoperability examples on the doc wiki and in the book as well. I suppose they will need to be redone for 2.0, but the basic options are all still there, just some added ones that can help even further.


                  • jlepthien

                    If you have a good understanding of IPSec then you will get the tunnels up and running. We have connected our WatchGuards to almost every kind of other firewall system with success. Sometimes it needs some "tuning" but most of the time all "enterprise" products have the same settings so it is not a big deal…


                    • jimp (Rebel Alliance Developer, Netgate)

                      @jlepthien:

                      If you have a good understanding of IPSec then you will get the tunnels up and running. We have connected our WatchGuards to almost every kind of other firewall system with success. Sometimes it needs some "tuning" but most of the time all "enterprise" products have the same settings so it is not a big deal…

                      I can echo this sentiment. I have yet to see another router device which was unable to talk to pfSense using IPsec. Client devices and software are a little different, but most of those work as well. (Several software clients are also covered in the book, by the way)


                      • rugby

                        @jlepthien:

                        If you have a good understanding of IPSec then you will get the tunnels up and running. We have connected our WatchGuards to almost every kind of other firewall system with success. Sometimes it needs some "tuning" but most of the time all "enterprise" products have the same settings so it is not a big deal…

                        Sometimes it's just the terminology between endpoint identifier types.

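Three points in this thread are things a tool could enforce rather than leave to memory: jimp's suggestion of a simple IPsec wizard that builds a tunnel from basic settings (with several phase 2 subnets under one phase 1) and leaves it editable by hand, jlepthien's objection that an "easy" setup never asks which encryption, hash or lifetimes you get, and rugby's observation that endpoints often disagree only on identifier-type terminology. The Python script below is an added example written for this page; it is not pfSense code and not something any of the participants posted. It validates a handful of settings, refuses weak algorithms, DH groups, short pre-shared keys and inverted lifetimes, normalizes vendor wording for IKE identifier types, and renders a strongSwan swanctl.conf-style connection. The swanctl.conf target format, the identifier-type alias table, the dataclass and function names, and the sample addresses and pre-shared key are all my assumptions, not anything the pfSense 2.0 GUI itself generated.

```python
"""Site-to-site IPsec 'wizard': basic settings in, weak choices refused, identifier
types checked, and an editable strongSwan swanctl.conf-style connection out.
Constructed example for this page; not pfSense code."""
import ipaddress
from dataclasses import dataclass
from itertools import product

WEAK_ENCRYPTION, WEAK_INTEGRITY = {"des", "3des", "null"}, {"md5", "sha1"}
DH_GROUP_NAMES = {14: "modp2048", 15: "modp3072", 16: "modp4096", 19: "ecp256", 20: "ecp384"}
# Vendor GUI wording for IKE identifier types -> one canonical name (aliases are assumptions)
ID_TYPE_ALIASES = {
    "address": "address", "ip address": "address", "my ip address": "address",
    "fqdn": "fqdn", "hostname": "fqdn", "domain name": "fqdn",
    "user fqdn": "user_fqdn", "user@fqdn": "user_fqdn", "email": "user_fqdn",
    "key id": "key_id", "keyid": "key_id", "key id tag": "key_id"}

@dataclass
class Endpoint:
    address: str    # public IP of this end
    id_type: str    # identifier type label as the admin typed it
    id_value: str   # identifier value sent in IKE
    subnets: list   # networks behind this end; one phase 2 per local/remote pair

@dataclass
class Tunnel:
    name: str
    local: Endpoint
    remote: Endpoint
    psk: str
    encryption: str = "aes256"
    integrity: str = "sha256"
    dh_group: int = 14
    p1_lifetime_s: int = 28800   # IKE SA, 8 hours
    p2_lifetime_s: int = 3600    # child SA, 1 hour

def normalize_id_type(label):
    """Map one vendor's wording for an identifier type to a canonical name."""
    key = " ".join(label.lower().replace("-", " ").replace("_", " ").split())
    if key not in ID_TYPE_ALIASES:
        raise ValueError(f"unknown identifier type {label!r}")
    return ID_TYPE_ALIASES[key]

def validate(t):
    """Return a list of problems; an empty list means the settings are acceptable."""
    checks = [(t.encryption.lower() in WEAK_ENCRYPTION, f"weak encryption {t.encryption}"),
              (t.integrity.lower() in WEAK_INTEGRITY, f"weak integrity {t.integrity}"),
              (t.dh_group not in DH_GROUP_NAMES, f"DH group {t.dh_group} not allowed; use 14 or stronger"),
              (len(t.psk) < 20, "pre-shared key shorter than 20 characters"),
              (t.p2_lifetime_s >= t.p1_lifetime_s, "phase 2 lifetime must be shorter than phase 1")]
    errors = [msg for bad, msg in checks if bad]
    for side, ep in (("local", t.local), ("remote", t.remote)):
        try:
            ipaddress.ip_address(ep.address)
            for net in ep.subnets:
                ipaddress.ip_network(net, strict=True)   # rejects a subnet with host bits set
            if normalize_id_type(ep.id_type) == "address" and ep.id_value != ep.address:
                errors.append(f"{side}: identifier type is address but value is {ep.id_value}")
        except ValueError as exc:
            errors.append(f"{side}: {exc}")
    return errors

def ike_identity(ep):
    """Spell an identifier the way strongSwan parses it for its type."""
    prefix = {"address": "", "fqdn": "@", "user_fqdn": "", "key_id": "@#"}
    return prefix[normalize_id_type(ep.id_type)] + ep.id_value

def render_swanctl(t):
    """Render validated settings as a swanctl.conf fragment (assumed target format)."""
    if errors := validate(t):
        raise ValueError("; ".join(errors))
    prop = f"{t.encryption}-{t.integrity}-{DH_GROUP_NAMES[t.dh_group]}"
    lid, rid = ike_identity(t.local), ike_identity(t.remote)
    out = ["connections {", f"    {t.name} {{",
           f"        local_addrs = {t.local.address}", f"        remote_addrs = {t.remote.address}"]
    for side, ident in (("local", lid), ("remote", rid)):
        out += [f"        {side} {{", "            auth = psk", f"            id = {ident}", "        }"]
    out += [f"        proposals = {prop}", f"        rekey_time = {t.p1_lifetime_s}s", "        children {"]
    # one child SA per local/remote subnet pair: several phase 2 entries under one phase 1
    for i, (lnet, rnet) in enumerate(product(t.local.subnets, t.remote.subnets), 1):
        out += [f"            net{i} {{", f"                local_ts = {lnet}",
                f"                remote_ts = {rnet}", f"                esp_proposals = {prop}",
                f"                rekey_time = {t.p2_lifetime_s}s",
                "                start_action = start", "            }"]
    out += ["        }", "    }", "}", "secrets {", f"    ike-{t.name} {{", f"        id-1 = {lid}",
            f"        id-2 = {rid}", f'        secret = "{t.psk}"', "    }", "}"]
    return "\n".join(out) + "\n"

def sample_tunnel():
    """Constructed two-site example; both ends identify themselves by public IP."""
    a = Endpoint("203.0.113.1", "My IP address", "203.0.113.1", ["10.0.1.0/24", "10.0.3.0/24"])
    b = Endpoint("198.51.100.1", "IP address", "198.51.100.1", ["10.0.2.0/24"])
    return Tunnel("site_a_to_b", a, b, "constructed-psk-replace-before-use")

def weak_tunnel():
    t = sample_tunnel()   # same sites with the kind of defaults an "easy" setup might quietly pick
    t.encryption, t.integrity, t.dh_group, t.psk = "3des", "md5", 2, "secret"
    return t

if __name__ == "__main__":
    print("weak setup rejected:", validate(weak_tunnel()))
    print(render_swanctl(sample_tunnel()))
```

Run directly, it first lists why the weak variant is refused and then prints the rendered connection for the sane one. The render is only reached once validate() returns no errors, so the "adjust by hand afterwards" step starts from a known baseline instead of from whatever defaults happened to be picked; the identifier check is the part that catches the mismatch rugby describes, where one side calls its ID "My IP address" and the other fills in a different value under "IP address".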
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.