Netgate Discussion Forum

    Best way to VPN two pfsense boxes over the internet?

    • torontob

      Hi Everyone,

      I have OpenVPN set up on an Alix2d13 with pfSense. I have another exact Alix2d13 running pfSense (both v1.2.3). I want to connect these two boxes together. I failed attempting to make one Alix board as a server and the other as a client. In fact the server works and I can connect to it using MS Windows or a Linux distribution, but when I try to set up Client and Client Specific Configuration on the second pfSense box it never connects and I am not sure where to exactly check to display the problem.

      I have followed the road warrior guide posted on the forums for OpenVPN and so that is working fine. Can you point me to another guide or would you prefer me use PPTP or IPSEC for this direct link? Either way I would need some details like the road warrior guide.

      Thanks a lot

      • jimp (Rebel Alliance Developer Netgate)

        When you connect two routers together, the better way is to use a shared key tunnel, not PKI. You can do PKI, but it's much harder to set up.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • torontob

          Thanks for the input. I was just noticing that yesterday before I gave up.

          How can I produce the shared key for the tunnel? Please explain a bit. Also, I do have the PKI method as well on one of the routers as I mentioned and I don't want to get rid of that as it's serving my road warrior users.

          Thanks

          • jimp (Rebel Alliance Developer Netgate)

            You can make a shared key easily by going to Diagnostics > Command and entering:

            openvpn --genkey --secret /dev/stdout 
            

            Then copy and paste the result into the shared key on both routers.

            Leave your PKI setup for road warriors alone, and just make a new entry for the site-to-site setup. There are some OpenVPN site-to-site tutorials elsewhere here on the forum and on the doc wiki, book, etc.

            • torontob

              Thanks a lot. And if I want to use that shared key with a CentOS server that has OpenVPN server installed, should I just do the same thing on the CentOS and copy it to a file (name?) in /etc/openvpn and copy that into the shared key for pfSense as well?

              Thanks

              • jimp (Rebel Alliance Developer Netgate)

                The shared key can be used on any OS; it's just plain text. Just put it wherever the client expects it to be.

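Because the shared key is plain text that gets pasted into both endpoints, a truncated or mangled paste is an easy way to end up with a tunnel that never comes up. The script below is an added example, not part of the original thread: it checks that a saved key file is a complete 2048-bit OpenVPN static key and prints a SHA-256 fingerprint that can be compared on both sides without exposing the key. It assumes the key text has been saved to a file on each endpoint; the function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: validate an OpenVPN static key file and
# print a fingerprint to compare between the two tunnel endpoints.

# key_hex FILE: print the key body as one lowercase hex string. Comment lines,
# CR characters and stray spaces/tabs are dropped; fails if END is never seen.
key_hex() {
    tr -d '\r' < "$1" | awk '
        /-----BEGIN OpenVPN Static key V1-----/ { inside = 1; next }
        /-----END OpenVPN Static key V1-----/   { inside = 0; seen_end = 1; next }
        inside { gsub(/[ \t]/, ""); printf "%s", tolower($0) }
        END { if (!seen_end) exit 1 }'
}

# check_key FILE: succeed only for a complete 2048-bit key (512 hex digits).
check_key() {
    hex=$(key_hex "$1") || { echo "$1: END marker missing" >&2; return 1; }
    case $hex in
        *[!0-9a-f]*) echo "$1: non-hex characters in key body" >&2; return 1 ;;
    esac
    [ "${#hex}" -eq 512 ] || { echo "$1: ${#hex} hex digits, expected 512" >&2; return 1; }
}

# key_fingerprint FILE: SHA-256 of the normalized key body. Compare this value
# on both routers instead of re-reading the key itself.
key_fingerprint() {
    check_key "$1" || return 1
    if command -v sha256sum >/dev/null 2>&1; then
        key_hex "$1" | sha256sum | cut -d' ' -f1   # Linux, e.g. CentOS
    else
        key_hex "$1" | sha256 -q                   # FreeBSD, e.g. pfSense
    fi
}

# make_sample: constructed sample input. A repeated pattern, NOT a real key.
make_sample() {
    printf '#\n# 2048 bit OpenVPN static key\n#\n'
    echo "-----BEGIN OpenVPN Static key V1-----"
    i=0
    while [ "$i" -lt 16 ]; do
        echo "0123456789abcdef0123456789abcdef"
        i=$((i + 1))
    done
    echo "-----END OpenVPN Static key V1-----"
}

# Usage: sh keycheck.sh KEYFILE   (KEYFILE is whatever path your config uses)
if [ "$#" -gt 0 ]; then key_fingerprint "$1"; fi
```

Matching fingerprints on both endpoints mean the same key was stored, even if one copy picked up CRLF line endings or trailing spaces along the way.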
                • torontob

                  What would the client.conf look like for using PKI on the OS?

                  Thanks

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.