How to Configure a pfSense Site-to-Site IPsec VPN Tunnel for Remote Access

To configure a site-to-site IPsec VPN tunnel for remote access in pfSense, follow these steps:

  1. Log in to the pfSense web interface and go to VPN > IPsec.
  2. Click the “Add P1” button to create a new Phase 1 configuration.
  3. In the General Information tab, fill in the following details:
    • Key Exchange version: IKEv2
    • Remote Gateway: IP address of the remote pfSense firewall
    • Description: A descriptive name for the VPN connection
    • Authentication Method: Select an appropriate method (e.g. Pre-Shared Key)
    • Pre-Shared Key: Enter the shared key
    • Mode: Select “Aggressive” for a quick and secure connection
    • Proposal: Choose the encryption, authentication and hash algorithms
    • NAT Traversal: Enable this option to allow VPN traffic to pass through NAT
    • Disable Dead Peer Detection: Uncheck this option
  4. Go to the Advanced Configuration tab and fill in the following details:
    • Lifetime: Set a value appropriate for your needs (e.g. 28800 seconds)
    • Disable Rekey: Uncheck this option to allow the VPN to be rekeyed automatically
  5. Click the “Save” button to save the Phase 1 configuration.
  6. Go back to VPN > IPsec and click the “Add P2” button to create a new Phase 2 configuration.
  7. In the General Information tab, fill in the following details:
    • Mode: Select “Tunnel IPv4”
    • Local Network: Choose the local network (e.g. LAN)
    • Remote Network: Choose the remote network
    • Proposal: Choose the encryption, authentication and hash algorithms
    • Compression: Enable this option if you want to compress the VPN traffic
  8. Go to the Advanced Configuration tab and fill in the following details:
    • Lifetime: Set a value appropriate for your needs (e.g. 3600 seconds)
  9. Click the “Save” button to save the Phase 2 configuration.
  10. Go back to VPN > IPsec and click the “Enable IPsec” button to enable the IPsec VPN tunnel.
  11. Verify the VPN connection by pinging a host on the remote network or by checking the VPN status on the VPN > IPsec page.
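
A pre-flight check for the values chosen in the steps above, as an added example that is not part of the original guide or of pfSense: it flags Aggressive mode (not used by IKEv2, and open to offline key guessing with IKEv1 and a pre-shared key), weak pre-shared keys, weak proposals, and disabled DPD or rekey. The dictionary keys, the sample keys, the deny-list and the thresholds are assumptions made for the illustration.

```python
# Added example: audit the Phase 1 / Phase 2 values before typing them into the GUI.
# Key names are hypothetical (not pfSense config.xml tags); thresholds are assumptions.
WEAK_ALGS = {"des", "3des", "blowfish", "cast128", "md5", "sha1"}  # assumed deny-list
STRONG_DH = {14, 15, 16, 17, 18, 19, 20, 21, 31}  # assumed allow-list of DH/PFS groups
MIN_PSK_LEN = 24  # assumption: minimum length for a randomly generated PSK


def audit(p1, p2):
    """Return a sorted list of finding codes for one tunnel definition."""
    f = set()
    if p1["mode"] == "aggressive":
        if p1["ike"] == "ikev2":
            # IKEv2 has no main/aggressive modes, so this choice changes nothing.
            f.add("P1_MODE_NOT_USED_BY_IKEV2")
        elif p1["auth"] == "psk":
            # IKEv1 aggressive mode sends a PSK-derived hash before encryption
            # starts, so a captured handshake allows offline guessing of the key.
            f.add("P1_AGGRESSIVE_WITH_PSK")
    if p1["auth"] == "psk" and (len(p1["psk"]) < MIN_PSK_LEN or len(set(p1["psk"])) < 10):
        f.add("PSK_WEAK")
    for phase, cfg in (("P1", p1), ("P2", p2)):
        for alg in cfg["algs"]:
            if alg.lower() in WEAK_ALGS:
                f.add(f"{phase}_WEAK_ALG:{alg.lower()}")
        # dh == 0 on Phase 2 stands for PFS switched off (no fresh DH per rekey).
        if cfg["dh"] not in STRONG_DH:
            f.add(f"{phase}_WEAK_OR_NO_DH:{cfg['dh']}")
    if not p1["dpd"]:
        f.add("P1_DPD_DISABLED")  # a dead peer goes unnoticed and stale SAs linger
    if not p1["rekey"]:
        f.add("P1_REKEY_DISABLED")  # SAs are not renegotiated before they expire
    if p2["lifetime"] >= p1["lifetime"]:
        f.add("P2_LIFETIME_NOT_SHORTER")  # convention assumed here, not a protocol rule
    return sorted(f)


# Constructed inputs. PAGE mirrors the steps above; LEGACY is an IKEv1 variant.
PAGE_P1 = {"ike": "ikev2", "auth": "psk", "psk": "ChangeMe123", "mode": "aggressive",
           "algs": ["aes256", "sha256"], "dh": 14, "lifetime": 28800,
           "dpd": True, "rekey": True}
PAGE_P2 = {"algs": ["aes256", "sha256"], "dh": 14, "lifetime": 3600}
LEGACY_P1 = dict(PAGE_P1, ike="ikev1", algs=["3des", "sha1"], dh=2, dpd=False)

if __name__ == "__main__":
    for name, p1 in (("page", PAGE_P1), ("legacy", LEGACY_P1)):
        print(name, audit(p1, PAGE_P2))
```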

With these steps, you should be able to successfully configure a site-to-site IPsec VPN tunnel for remote access in pfSense.
