pfSense VPN: Part One

pfSense VPN

Configuring an IPsec VPN tunnel in pfSense 2.0.

Virtual Private Networking (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network, and is accomplished by establishing a virtual point-to-point connection with another computer. This is done through dedicated connections, encryption, or a combination of the two. Most router/firewalls support VPN, and this article describes some of the pfSense VPN options.

There are a variety of VPN services available, and pfSense has four of the most popular implementations built right in: IPsec, L2TP, OpenVPN, and PPTP. OpenVPN is emerging as the standard VPN protocol, but OpenVPN support is not built into Windows – you’ll have to download the client software. IPsec is also a popular VPN implementation. PPTP and L2TP, on the other hand, are losing ground to OpenVPN, but are still popular and are supported by most major operating systems.

pfSense VPN: IPsec

pfSense VPN

Setting up a firewall rule to allow IPsec traffic to the LAN.

In many cases, IPsec is the preferred method for network-to-network connections. IPsec (Internet Protocol Security) is a technology protocol suite for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. Setting up an IPsec connection in pfSense is easy. Browse to VPN -> IPsec. If the “Tunnels” tab is not already selected, select it. Click the “Plus” button to create an IPsec tunnel. Leave “Disable this phase 1 entry” unchecked and keep the interface as “WAN“. At “Remote Gateway“, enter the public IP address or host name of the remote gateway. At “Pre-Shared Key“, input your pre-shared key string. Now, click on “Save” to save the changes, click on “Enable IPsec“, and click on the “Save” button again. Click on “Apply changes” if necessary.

In order for IPsec traffic to pass through to the LAN, we need to create a new rule. Browse to Firewall -> Rules and select the IPsec tab. Click on the “Plus” button to add a new firewall rule. At “Destination“, set the destination to the LAN subnet, and at “Destination port“, set the destination port to “any“. Add a description at “Description” if you want, and click on “Save” to save changes. Click on “Apply changes” if necessary. This completes the set up of a pfSense VPN tunnel with IPsec.

In the next article, I will cover using VPN with the L2TP and OpenVPN protocols. Part three will cover the PPTP protocol.

External Links:

Setting up an IPsec VPN Link at

Be Sociable, Share!


  1. It’s really a cool and useful piece of info. I am satisfied that you simply shared this useful info with us. Please keep us up to date like this. Thanks for sharing.

  2. HI admin,

    please instruct me how to config vpn clietn on pfsense that is placed on DMZ location(i mean pfsense server is place on DMZ)?
    thanks invance

  3. Hey thanks for this post.

    I am confused about one thing, In the remote gateway what IP address do I put? Is it one obtained from a vpn service?

    Thanks your help is greatly appreciated

  4. Could you please update this? There really is no updated reference for setting up a L2TP/IPsec server with PSK in pfSense and connect from common clients like Windows and Android.

    Thank you.

  5. For lots of males packing on muscle is tough, you possibly can eat
    all the fitting foods and prepare heavy and laborious, but you continue to can’t seem to achieve muscle, the professional stack combines all the proper
    ingredients to assist enhance nitrogen retention in the muscle groups, it also increases pink blood cell count which provides
    extra oxygen to the muscle tissue which can increase the pump and reduce fatigue throughout intense coaching classes, the Pro
    Mass Stack is good for a full 6-week cycle.

  6. The movie didn’t fail because of Reynolds’ performance,
    however he additionally didn’t actually elevate the material very much.
    And that wasn’t even his first turn as a comic e book hero, both.
    He starred as Hannibal King in Blade: Trinity from 2004,
    another much less-than-stellar flick.


  1. […] the previous two articles on pfSense VPN, I covered how to configure a VPN tunnel using IPsec and also the L2TP and OpenVPN protocols. In this article, I will cover how to set up a VPN tunnel […]

  2. […] previous articles, setting up VPN tunnels in pfSense was discussed, but not how to set up a server using Point-to-Point Protocol over Ethernet for a […]

Speak Your Mind


© 2013 David Zientara. All rights reserved. Privacy Policy