Author Topic: pfsense to pfsense VPN  (Read 6532 times)

Offline clamothe

pfsense to pfsense VPN
« on: July 13, 2006, 11:53:58 am »
I'm looking to set up a VPN between two pfSense boxes.
I've tried using the IPsec/pfSense tutorial, but that didn't work.

First off, should I use OpenVPN or IPsec?
I can handle shell commands, but the person on the other end would be better off sticking to a GUI.

Any suggestions?

Offline hoba

Re: pfsense to pfsense VPN
« Reply #1 on: July 13, 2006, 01:43:41 pm »
It depends on which VPN implementation is more suitable for you, but IPsec with a shared secret is much easier to set up than OpenVPN. IPsec needs at least one static IP at one end. The other end can be dynamic (as shown in the tutorial). Setting it up with static IPs at both ends is even easier, as you don't have to add identifiers but can use the static IPs of both ends to authenticate.

What do your WANs at both ends look like? Dynamic IPs? Public IPs at WAN, or some NATting routers in front?

Btw, you shouldn't need to set up anything at the shell level, as these settings will be overwritten on config changes via the GUI or on reboot anyway (everything is reconfigured from the webGUI and the config.xml).

Offline martinc_77

Re: pfsense to pfsense VPN
« Reply #2 on: July 14, 2006, 10:37:46 am »
Hello friends, I wanted to know how to generate a shared key for OpenVPN?

Offline psychosematic

Re: pfsense to pfsense VPN
« Reply #3 on: July 14, 2006, 11:39:39 am »

Offline clamothe

Re: pfsense to pfsense VPN
« Reply #4 on: July 16, 2006, 01:11:05 pm »
I have two non-NAT/non-firewalled public dynamic IPs; however, they hardly ever change, and it isn't a problem for me to change it whenever it breaks (every 2 months or so).
I can set up a hostname for one of the ends, but I don't know if there's a way I can get IPsec to resolve that.

Offline robbyt

Re: pfsense to pfsense VPN
« Reply #5 on: July 28, 2006, 01:21:54 pm »
Just posted this yesterday:

http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense

It explains client->pfSense connections, but you should be able to use the information for pfSense->pfSense type connections.

Offline SpaceBass

Re: pfsense to pfsense VPN
« Reply #6 on: August 11, 2006, 08:01:47 am »
Robbyt,
Thanks for the great doc!
I think I successfully generated my keys and configured my pfSense box.
The other side is an IPCop box with OpenVPN installed. I've tried to create it as the client.
However, it just doesn't seem to ever open the VPN.

On pfSense, do I need to create any rules or set up NAT for port 1194? Does OpenVPN run on the WAN NIC?

I feel like I'm missing a critical step here.

Thanks
-N
« Last Edit: August 11, 2006, 08:14:50 am by SpaceBass »