PfSense as VPN Concentrator/Server



  • Good afternoon,

    I have a client who currently has a SonicWall TZ 205 that is acting as their border device and has maxed out the amount of IPSec site-2-site tunnels (10) and currently needs to bring up 3 more tunnels.

    I have been using pfSense for a while in our office and at a few clients' sites where pfSense is the border device and handles the routing, firewall, VPN, etc., but now I am looking to use pfSense for just IPSec site-2-site tunnels behind the SonicWall device.  Is it possible to set pfSense up behind the SonicWall and have it handle the additional VPN tunnels that they need?

    I am getting caught up figuring out how to assign interfaces and such so that I only need to plug in 1 ethernet cable.  Is there a way to do this? Would I need a separate static IP address, or do I need to move all tunnels to the pfSense box?

    Any help would be greatly appreciated.

    Thank you.



  • My first instinct would be to suggest that you simply replace the SonicWall with pfsense... 8)

    I understand that may be an ambitious start, and while I'm no expert at SonicWall, I seem to recall you can create a DMZ port in SonicWall.
    You should be able to present that port to the WAN port on pfsense much as you would to an internet facing Web server.
    That should let you create an IPSec tunnel to the pfsense box.  The LAN side of pfsense will have to "merge" with your existing LAN subnet, unless you're willing to dedicate a new subnet just for the pfsense IPSec.

    If you can give some more details (and/or diagrams) about what you envision this setup to look like, maybe we can help you arrive at a solution.

