In this FAQ, you will set up the VPN using PFSense in tunnel mode (network-to-network VPNs) and use the ESP protocol to encrypt the VPN traffic as it traverses the Internet.
https://tisemestresse.blogspot.com/2017/05/como-configurar-o-tunel-vpn-ipsec-site.html 1/13
3/6/2018 Como configurar o Túnel VPN IPSec Site-to-Site PFSense para acesso remoto | TI. DESCOMPLICADO
Above is a very simple site-to-site VPN, with a security gateway (SOHO and
Remote IDC) linking two remote private networks, 192.168.1.0/24 and
10.10.29.64/26. The remote IDC VPN is powered by either a Cisco or OpenBSD
based system, and the local SOHO VPN (PFSense) gateways are already
configured. From the above, the IPSec configuration is as follows:
Phase 1:
Encryption: 3DES
Authentication: MD5
Diffie-Hellman Group: 2
Keylife: 14400

Phase 2:
Encryption: 3DES
Authentication: MD5
Diffie-Hellman Group: 2
Keylife: 3600
pfSense must be set up and working properly for the existing local network
environment. Both locations must be using non-overlapping LAN IP subnets.
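A pre-flight check for the two prerequisites above, as an added example that is not part of the original article: it verifies that the two LANs do not overlap and that both gateways carry the same Phase 1 and Phase 2 proposal, and it also flags 3DES, MD5 and DH group 2, which current guidance treats as legacy. The dictionary layout, the `audit_tunnel` name, the `WEAK` policy set and the `BAD_PEER` data are assumptions made for the example.

```python
import ipaddress

# Legacy choices to flag. This set is the example's own policy, not pfSense's.
WEAK = {"encryption": {"DES", "3DES"}, "authentication": {"MD5"}, "dh_group": {1, 2, 5}}
# Keylife is left out of the comparison: peers differ in how they treat it.
NEGOTIATED = ("encryption", "authentication", "dh_group")

# Values from this page (both gateways use the same proposal).
SOHO = {
    "lan": "192.168.1.0/24",
    "phase1": {"encryption": "3DES", "authentication": "MD5", "dh_group": 2, "keylife": 14400},
    "phase2": {"encryption": "3DES", "authentication": "MD5", "dh_group": 2, "keylife": 3600},
}
IDC = dict(SOHO, lan="10.10.29.64/26")

# Constructed bad peer: LAN inside the SOHO range, different Phase 2 hash.
BAD_PEER = {
    "lan": "192.168.1.128/25",
    "phase1": dict(SOHO["phase1"]),
    "phase2": dict(SOHO["phase2"], authentication="SHA1"),
}


def audit_tunnel(local, remote):
    """Return a list of findings for a pair of gateway definitions."""
    findings = []
    lan_a = ipaddress.ip_network(local["lan"])
    lan_b = ipaddress.ip_network(remote["lan"])
    # Overlapping LANs make it ambiguous which traffic belongs in the tunnel.
    if lan_a.overlaps(lan_b):
        findings.append(f"OVERLAP {lan_a} {lan_b}")
    for phase in ("phase1", "phase2"):
        for field in NEGOTIATED:
            mine, theirs = local[phase][field], remote[phase][field]
            # With one proposal per side, differing values leave nothing in common.
            if mine != theirs:
                findings.append(f"MISMATCH {phase} {field} {mine}!={theirs}")
            for value in sorted({mine, theirs}, key=str):
                if value in WEAK[field]:
                    findings.append(f"WEAK {phase} {field}={value}")
    return findings


if __name__ == "__main__":
    for finding in audit_tunnel(SOHO, IDC):
        print(finding)
```

Run against the page's own values, the audit reports no overlap or mismatch, only the legacy-algorithm findings; whether stronger settings can be used depends on what the remote gateway supports.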
For demo purposes, my PFSense appliance is located at https://192.168.1.254/.
Sample outputs:
[Figure: pfSense login]
You will see a screen as follows. Make sure you check Enable IPsec and click
Save to enable IPsec:
Click on the + button (see fig.04) to add a new IPsec tunnel Phase 1 configuration.
Make sure Interface is set to “WAN”, Remote Gateway to “173.191.1.42”,
Authentication Method to Pre-Shared Key, the Pre-Shared Key to
“YOUR-super-secret-password-key”, Encryption to “3DES”, Authentication to “MD5”,
Diffie-Hellman Group to “2”, Keylife to “14400”, and finally press the Save button.
[Fig.04: adding the Phase 1 configuration]
The IPsec tunnel configuration has been changed. You must apply
the changes in order for them to take effect.
To create a new Phase 2, click the large + inside the Phase 1 entry in the list, on
the left-hand side. This expands the list to display all Phase 2 entries for this
Phase 1. Click the + button on the right to add a new entry:
The Phase 2 information must be set as described in the Phase 2 config table (see
above):
[Figure: Phase 2 VPN configuration]
By default, firewall rules are automatically added to the WAN to allow the tunnel
to connect, but if the option to disable automatic VPN rules is checked, then
manual rules may be required. The following rules are added by the firewall (you
can see them by typing the pfctl -sr | grep -i ipsec command at the
PFSense console):
[Figure: VPN status]
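When automatic VPN rules are disabled, saved output of the pfctl command above can be checked for the inbound rules the tunnel relies on. This is an added example, not part of the original article: the sample rule lines, interface name and labels are constructed, and the service names accepted for the ports are assumptions about how pfctl prints them.

```python
import re

# Inbound flows an IPsec peer needs on the WAN: IKE, ESP, and NAT-T
# (NAT-T only matters when a NAT device sits between the two gateways).
# Ports are accepted as numbers or as service names (assumed spellings).
EXPECTED = {
    "IKE udp/500": ("udp", {"500", "isakmp"}),
    "NAT-T udp/4500": ("udp", {"4500", "sae-urn", "ipsec-nat-t"}),
    "ESP": ("esp", None),
}

# Constructed sample in the style of `pfctl -sr | grep -i ipsec` output.
# Only the peer address 173.191.1.42 comes from the page.
SAMPLE_RULES = '''\
pass in on em0 proto udp from 173.191.1.42 to any port = isakmp keep state label "IPsec: IDC - inbound isakmp"
pass in on em0 proto esp from 173.191.1.42 to any keep state label "IPsec: IDC - inbound esp"
pass out on em0 proto udp from any to 173.191.1.42 port = isakmp keep state label "IPsec: IDC - outbound isakmp"
'''

RULE = re.compile(
    r"^pass in\b.*?\bproto (?P<proto>\S+) from (?P<src>\S+) to \S+"
    r"(?: port = (?P<port>\S+))?"
)


def missing_ipsec_rules(rules_text, peer):
    """Return the EXPECTED flow names that have no inbound pass rule from peer."""
    seen = set()
    for line in rules_text.splitlines():
        m = RULE.match(line.strip())
        # Ignore outbound rules and rules for other source addresses.
        if not m or m["src"] not in (peer, "any"):
            continue
        for name, (proto, ports) in EXPECTED.items():
            if m["proto"] == proto and (ports is None or m["port"] in ports):
                seen.add(name)
    return [name for name in EXPECTED if name not in seen]


if __name__ == "__main__":
    print(missing_ipsec_rules(SAMPLE_RULES, "173.191.1.42"))
```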
Give it a few seconds to connect to the remote side. Once connected you will
see the status as follows:
[Figure: IPsec status overview]
[Figure: "IPsec: SAD" status page]
[Figure: "IPsec: SPD" status page]
[Figure: IPsec status log]
$ ssh root@10.10.29.68
And, there you have it, VPN up and running from your SOHO.
Source: https://www.cyberciti.biz