Virtual Private Networking (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network, and is accomplished by establishing a virtual point-to-point connection with another computer. This is done through dedicated connections, encryption, or a combination of the two. Most router/firewalls support VPN, and this article describes some of the pfSense VPN options.
There are a variety of VPN services available, and pfSense has four of the most popular implementations built right in: IPsec, L2TP, OpenVPN, and PPTP. OpenVPN is emerging as the standard VPN protocol, but OpenVPN support is not built into Windows – you’ll have to download the client software. IPsec is also a popular VPN implementation. PPTP and L2TP, on the other hand, are losing ground to OpenVPN, but are still popular and are supported by most major operating systems.
pfSense VPN: IPsec
In many cases, IPsec is the preferred method for network-to-network connections. IPsec (Internet Protocol Security) is a technology protocol suite for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. Setting up an IPsec connection in pfSense is easy. Browse to VPN -> IPsec. If the “Tunnels” tab is not already selected, select it. Click the “Plus” button to create an IPsec tunnel. Leave “Disable this phase 1 entry” unchecked and keep the interface as “WAN“. At “Remote Gateway“, enter the public IP address or host name of the remote gateway. At “Pre-Shared Key“, input your pre-shared key string. Now, click on “Save” to save the changes, click on “Enable IPsec“, and click on the “Save” button again. Click on “Apply changes” if necessary.
In order for IPsec traffic to pass through to the LAN, we need to create a new rule. Browse to Firewall -> Rules and select the IPsec tab. Click on the “Plus” button to add a new firewall rule. At “Destination“, set the destination to the LAN subnet, and at “Destination port“, set the destination port to “any“. Add a description at “Description” if you want, and click on “Save” to save changes. Click on “Apply changes” if necessary. This completes the set up of a pfSense VPN tunnel with IPsec.