Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Created a IPsec road-warrior howto for PfSense 2.0-BETA5

    IPsec
    5
    15
    6749
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      Vorkbaard last edited by

      Hello, I spent some time trying to get IPsec tunnels for road warriors to work on PfSense 2.0-BETA5 and I documented the whole thing in a howto: http://www.huijgen.com/tunnel. Perhaps it can be of use to someone. Feel free to take it, republish it or improve on it.

      1 Reply Last reply Reply Quote 0
      • R
        rpsmith last edited by

        Vorkbaard,

        Why not just use OpenVPN?  is there some advantage to IPsec?

        BTW, very nice how-to!

        Roy…

        1 Reply Last reply Reply Quote 0
        • V
          Vorkbaard last edited by

          Because I don't know how to get OpenVPN to work. I tried. I failed with OpenVPN but IPsec worked. So there :P

          Also, thanks :)

          1 Reply Last reply Reply Quote 0
          • R
            rpsmith last edited by

            with 2.0, OpenVPN is a piece of cake.  It's way easier than the IPsec stuff you figured out.  :)

            Roy…

            1 Reply Last reply Reply Quote 0
            • V
              Vorkbaard last edited by

              Everything's easy once you know how to do it :)

              1 Reply Last reply Reply Quote 0
              • R
                rpsmith last edited by

                good point  :)

                I'm no OpenVPN expert but if you decide to give it another try, I would be glad to give you any help that could.

                Roy…

                1 Reply Last reply Reply Quote 0
                • V
                  Vorkbaard last edited by

                  I will, thank you! Can you suggest a howto or tutorial for OpenVPN on PfSense 2.0-BETA? My main problem is lack of knowledge of ways outside of PfSense to create and manage certificates.

                  1 Reply Last reply Reply Quote 0
                  • R
                    rpsmith last edited by

                    I really haven't got that far yet.  I just using the OpenVPN Wizard to create the service and then used the OpenVPN Client Export Utility to create the necessary client files.  so I only have a single user account working at this point and haven't really played around with any external certificates.

                    Roy…

                    1 Reply Last reply Reply Quote 0
                    • V
                      Vorkbaard last edited by

                      Ok, I got OpenVPN to work. The internal CA is pretty handy and the Client Export Package is a great help.

                      From a user perspective I prefer IPsec however. The Shrew Soft VPN client requires less work from the user to get it to run and connect it to the corp network. On the other hand OpenVPN can connect to multiple subnets. I guess that PfSense 2.0 will allow IPsec for that as well but that used to be a real pain with IPsec.

                      Anyway it's nice to have more options.

                      What I'd really like to get working it L2TP so we can connect our Windows Mobile devices and laptops to dial into the corp network without a third party client.

                      1 Reply Last reply Reply Quote 0
                      • J
                        jdetmold last edited by

                        @Vorkbaard:

                        What I'd really like to get working it L2TP so we can connect our Windows Mobile devices and laptops to dial into the corp network without a third party client.

                        +1 would love to figure out how to get that working!

                        1 Reply Last reply Reply Quote 0
                        • jimp
                          jimp Rebel Alliance Developer Netgate last edited by

                          IPsec+L2TP isn't likely to work how most people might want to it (like for Windows clients) on 2.0. At least not for clients that connect from dynamic IPs.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • V
                            Vorkbaard last edited by

                            That's nice to know in advance, jimp, thanks ;)

                            1 Reply Last reply Reply Quote 0
                            • P
                              Pontiac_CZ last edited by

                              Vorkbaard: it's a nice tutorial, thank you, I'm definitely going to give it a try. Just a question about Shrew Soft VPN client: it sure must be installed and configured by an admin, but - can it be succesfully run by a regular limited user?

                              Because that's what I hate about OpenVPN client for Windows - it needs to be run under administrator rights. And I don't like the idea of giving the sales people admin credentials… :(

                              1 Reply Last reply Reply Quote 0
                              • V
                                Vorkbaard last edited by

                                Yes, we do that all the time. Works fine for regular users who are not local admins on their machines.

                                1 Reply Last reply Reply Quote 0
                                • P
                                  Pontiac_CZ last edited by

                                  Great info, thank you!  :)

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post