Created a IPsec road-warrior howto for PfSense 2.0-BETA5



  • Hello, I spent some time trying to get IPsec tunnels for road warriors to work on PfSense 2.0-BETA5 and I documented the whole thing in a howto: http://www.huijgen.com/tunnel. Perhaps it can be of use to someone. Feel free to take it, republish it or improve on it.



  • Vorkbaard,

    Why not just use OpenVPN?  is there some advantage to IPsec?

    BTW, very nice how-to!

    Roy…



  • Because I don't know how to get OpenVPN to work. I tried. I failed with OpenVPN but IPsec worked. So there :P

    Also, thanks :)



  • with 2.0, OpenVPN is a piece of cake.  It's way easier than the IPsec stuff you figured out.  :)

    Roy…



  • Everything's easy once you know how to do it :)



  • good point  :)

    I'm no OpenVPN expert but if you decide to give it another try, I would be glad to give you any help that could.

    Roy…



  • I will, thank you! Can you suggest a howto or tutorial for OpenVPN on PfSense 2.0-BETA? My main problem is lack of knowledge of ways outside of PfSense to create and manage certificates.



  • I really haven't got that far yet.  I just using the OpenVPN Wizard to create the service and then used the OpenVPN Client Export Utility to create the necessary client files.  so I only have a single user account working at this point and haven't really played around with any external certificates.

    Roy…



  • Ok, I got OpenVPN to work. The internal CA is pretty handy and the Client Export Package is a great help.

    From a user perspective I prefer IPsec however. The Shrew Soft VPN client requires less work from the user to get it to run and connect it to the corp network. On the other hand OpenVPN can connect to multiple subnets. I guess that PfSense 2.0 will allow IPsec for that as well but that used to be a real pain with IPsec.

    Anyway it's nice to have more options.

    What I'd really like to get working it L2TP so we can connect our Windows Mobile devices and laptops to dial into the corp network without a third party client.



  • @Vorkbaard:

    What I'd really like to get working it L2TP so we can connect our Windows Mobile devices and laptops to dial into the corp network without a third party client.

    +1 would love to figure out how to get that working!


  • Rebel Alliance Developer Netgate

    IPsec+L2TP isn't likely to work how most people might want to it (like for Windows clients) on 2.0. At least not for clients that connect from dynamic IPs.



  • That's nice to know in advance, jimp, thanks ;)



  • Vorkbaard: it's a nice tutorial, thank you, I'm definitely going to give it a try. Just a question about Shrew Soft VPN client: it sure must be installed and configured by an admin, but - can it be succesfully run by a regular limited user?

    Because that's what I hate about OpenVPN client for Windows - it needs to be run under administrator rights. And I don't like the idea of giving the sales people admin credentials… :(



  • Yes, we do that all the time. Works fine for regular users who are not local admins on their machines.



  • Great info, thank you!  :)


Log in to reply