Netgate Discussion Forum

    Site to Site Recommendations

    OpenVPN

      appbuilder

      Hello All.

      I have a client who is currently using a point-to-point connection with AT&T. (They utilized Cisco routers and VoIP.) The client wants to reduce the monthly cost for the point-to-point setup between his two sites. So, this is when I met "pfSense". Would you recommend OpenVPN for this type of setup and, if so, where are the guides for the basics of setting up pfSense, getting the rules working, and getting OpenVPN set up between the 2 sites?

      I have seen some material on one of these related pfSense sites that OpenVPN doesn't filter traffic well. What features of OpenVPN and pfSense in general need a little more maturity, if any?

      Any comments would be greatly appreciated.

        Cry Havok

        If you want guidance on OpenVPN, the OpenVPN site is the best place ;)

        As for filtering traffic, at this point pfSense doesn't support applying filtering to the OpenVPN interface(s).  ISTR that this will change with a future release (maybe 1.3).  If restricting traffic to the site networks matters then you're probably best off simply using the pfSense hosts as VPN endpoints IMO.

          Saka

          Is it possible to achieve site to site VPN using the pfSense built-in PPTP functionality?

          I am currently not having much luck with it, I can easily connect and use with Windows XP VPN but cannot do it between two pf boxes.  From the 'connecting' pf box I get a series of:

          mpd: [pptp] device: DOWN event in state OPENING
          mpd: [pptp] device is now in state DOWN
          mpd: [pptp] link: DOWN event
          mpd: [pptp] LCP: Down event
          mpd: [pptp] device: OPEN event in state DOWN
          mpd: [pptp] pausing 7 seconds before open
          mpd: [pptp] device is now in state DOWN
          mpd: [pptp] device: OPEN event in state DOWN
          mpd: [pptp] pausing 1 seconds before open
          mpd: [pptp] device is now in state DOWN
          mpd: [pptp] device: OPEN event in state DOWN
          mpd: pptp0: connecting to x.x.x.x:1723
          mpd: [pptp] device is now in state OPENING

          and from the server:

          mpd: [pt0] IFACE: Close event
          mpd: [pt0] device is now in state CLOSING
          mpd: [pt0] bundle: CLOSE event in state OPENED
          mpd: [pt0] closing link "pt0"…
          mpd: [pt0] device: DOWN event in state CLOSING
          mpd: [pt0] device is now in state DOWN
          mpd: [pt0] link: CLOSE event
          mpd: [pt0] LCP: Close event
          mpd: [pt0] LCP: state change Stopped --> Closed
          mpd: [pt0] device: DOWN event in state DOWN
          mpd: [pt0] device is now in state DOWN
          mpd: [pt0] link: DOWN event
          mpd: [pt0] LCP: Down event
          mpd: [pt0] LCP: state change Closed --> Initial
          mpd: [pt0] LCP: phase shift ESTABLISH --> DEAD
          mpd: [pt0] link: DOWN event
          mpd: [pt0] LCP: Down event
          mpd: pptp0: killing connection with x.x.x.x:54802

          Any advice would be appreciated.

          Thanks

            Cry Havok

            PPTP != OpenVPN, I'd suggest you try the VPN sub-forum instead.

            If you're doing this between 2 pfSense hosts I'd suggest either IPsec or OpenVPN rather than PPTP.

              Saka

              Thanks for your suggestion, I'll look further into IPsec or OpenVPN.  Is there any particular reason why these are better, or are they simply more appropriate for site-to-site connectivity?

                endurion

                Excellent howto found right here: http://files.pfsense.org/mirror/tutorials/openvpn/pfsense-ovpn.pdf

                This has everything you need to set up a basic site-to-site tunnel.

                As for why OpenVPN is better, have a read here: http://www.sans.org/reading_room/whitepapers/vpns/1459.php

                  Saka

                  I decided to go down the IPsec route. After banging my head against the wall and meticulously looking at the configurations to ensure they were the same at both ends, I managed to get it working.  I say got it working; I really mean I left it and went home, and when I came in the next day it magically had connected. Probably lost a day's worth of effort due to my own impatience.
