Netgate Discussion Forum

    VPN recommendations

    • cyberfinn

      Hey

      I'm doing a new pfSense HA setup for our office. Now I need to decide on a strategy for the VPN setup.

      We have some users that need to connect from Windows 8 and iPhones to the office via VPN. We also need to have a VPN tunnel to another remote pfSense setup.

      • What are the recommendations for remote client VPN running Windows 8 and iPhones? I like OpenVPN, but then the users need to install a VPN client. Therefore I was thinking of using L2TP/IPsec, but is that the best solution?

      • What are the recommendations for a tunnel between two pfSense boxes? OpenVPN or?

      Running pfSense 2.2
      Office setup is 2 x C2758, 16GB ECC with SSD.
      Remote setup is 2 x Dell R420, E5-2440 v2, 32 GB ECC

      /Jacob

      • Derelict LAYER 8 Netgate

        I would use OpenVPN.  All the flexibility is worth needing client software on the device, IMHO.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • jasonlitka

          I'd suggest OpenVPN for user remote access, but not using the server in pfSense and the generic client.  OpenVPN Access Server is idiot-proof (admin & user) and dirt-cheap.

          I can break anything.

          • def4

            Site2Site is traditionally IPSec's business. You could try tinc, it's really cool.
            For end users, I tend to use OpenVPN because it's no hassle to install at all. But there are other cool solutions on the rise, waiting to be audited and to be proven. I particularly like the concept of SigmaVPN, utilising djb's NaCl for secure encryption at blazing fast speeds.

            In the case of OpenBSD, I also tried to deploy IPSec for end users and it did work well, too. (However, IPSec on OpenBSD is foolproof to install. I did not fiddle things out on pfSense.) If you look out for papers, IPSec is superior to all other VPNs in terms of speed, jitter and performance on bad network conditions. It has very little overhead, too. That comes in handy if you're working on the go using 3G and you used all your high speed data on your mobile plan - while OpenVPN tends to fuck the whole situation up (no productive work possible on RDP, ssh seriously delayed in comparison to IPSec), IPSec performs pretty well.

            I'm however continuing testing. Hope I could help.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.