pfSense VPN: Part One

pfSense VPN

Configuring an IPsec VPN tunnel in pfSense 2.0.

Virtual Private Networking (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network, and is accomplished by establishing a virtual point-to-point connection with another computer. This is done through dedicated connections, encryption, or a combination of the two. Most router/firewalls support VPN, and this article describes some of the pfSense VPN options.


There are a variety of VPN services available, and pfSense has four of the most popular implementations built right in: IPsec, L2TP, OpenVPN, and PPTP. OpenVPN is emerging as the standard VPN protocol, but OpenVPN support is not built into Windows – you’ll have to download the client software. IPsec is also a popular VPN implementation. PPTP and L2TP, on the other hand, are losing ground to OpenVPN, but are still popular and are supported by most major operating systems.

pfSense VPN: IPsec

pfSense VPN

Setting up a firewall rule to allow IPsec traffic to the LAN.

In many cases, IPsec is the preferred method for network-to-network connections. IPsec (Internet Protocol Security) is a technology protocol suite for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. Setting up an IPsec connection in pfSense is easy. Browse to VPN -> IPsec. If the “Tunnels” tab is not already selected, select it. Click the “Plus” button to create an IPsec tunnel. Leave “Disable this phase 1 entry” unchecked and keep the interface as “WAN“. At “Remote Gateway“, enter the public IP address or host name of the remote gateway. At “Pre-Shared Key“, input your pre-shared key string. Now, click on “Save” to save the changes, click on “Enable IPsec“, and click on the “Save” button again. Click on “Apply changes” if necessary.


In order for IPsec traffic to pass through to the LAN, we need to create a new rule. Browse to Firewall -> Rules and select the IPsec tab. Click on the “Plus” button to add a new firewall rule. At “Destination“, set the destination to the LAN subnet, and at “Destination port“, set the destination port to “any“. Add a description at “Description” if you want, and click on “Save” to save changes. Click on “Apply changes” if necessary. This completes the set up of a pfSense VPN tunnel with IPsec.

In the next article, I will cover using VPN with the L2TP and OpenVPN protocols. Part three will cover the PPTP protocol.

External Links:

Setting up an IPsec VPN Link at doc.pfsense.org

Be Sociable, Share!

Comments

  1. It’s really a cool and useful piece of info. I am satisfied that you simply shared this useful info with us. Please keep us up to date like this. Thanks for sharing.

  2. HI admin,

    please instruct me how to config vpn clietn on pfsense that is placed on DMZ location(i mean pfsense server is place on DMZ)?
    thanks invance

Trackbacks

  1. [...] the previous two articles on pfSense VPN, I covered how to configure a VPN tunnel using IPsec and also the L2TP and OpenVPN protocols. In this article, I will cover how to set up a VPN tunnel [...]

  2. [...] previous articles, setting up VPN tunnels in pfSense was discussed, but not how to set up a server using Point-to-Point Protocol over Ethernet for a [...]

Speak Your Mind

*

© 2013 David Zientara. All rights reserved. Privacy Policy