How to Create IPSec Tunnel on pfSense Firewall

The following procedure shows how to configure Perimeter 81 to create an IPsec tunnel to a pfSense firewall. Follow the steps below:

Perimeter 81 Tunnel Creation

1. Go to the Gateway in your network from which you want to create the tunnel to Azure.

2. Select the three-dotted menu (...) and select Add Tunnel.

3. Name - Set a name for the tunnel.

4. Shared Secret - Enter a shared secret or select Generate.

5. "Public IP" and "Remote ID" - Enter your pfSense public IP address.

6. In Perimeter 81 Gateway Proposal Subnets, choose Any or Specific Subnet.

7. In Remote Gateway Proposal Subnets, enter your internal subnet.

Advanced Settings:

      • IKE Version - V2
      • IKE Lifetime - 8h
      • Tunnel Lifetime - 1h
      • Dead Peer Detection Delay - 10s
      • Dead Peer Detection Timeout - 30s
      • Encryption (Phase 1) - aes256
      • Integrity (Phase 1) - sha256
      • Diffie-Hellman Groups (Phase 1) - 14
      • Encryption (Phase 2) - aes256
      • Integrity (Phase 2) - sha256
      • Diffie-Hellman Groups (Phase 2) - 14
      • Select Add Tunnel

pfSense Firewall settings

1. In the Menu Bar go to Firewall --> Rules.

2. Under IPSEC add a new rule.

  • Action - Pass
  • Quick - Checked
  • Interface - WAN and IPSEC
  • Source - P81 Gateway IP
  • Destination - Either any, or limit it to your firewall's external IP
  • Select Save.

3. Under IPSEC add a new rule:

  • Action - Pass
  • Source - P81 Gateway IP
  • Destination - Either any, or limit it to your firewall's external IP
  • Select Save.

4. Select Apply Changes.

pfSense IPSEC Tunnel creation

1. Go to VPN --> IPsec

2. Select +Add P1

  • Key Exchange Version - IKEv1
  • Remote Gateway - P81 Gateway IP address
  • Authentication Method - Mutual PSK
  • Pre-Shared Key - the same key you entered in the P81 tunnel settings

3. Encryption Algorithm

  • Algorithm - AES
  • Key Length - 128 bits
  • Hash - SHA256
  • DH Group - 14

4. Select Save.

 

5. Add Phase 2 - Select +Add P2

  • Mode - Tunnel IPv4
  • Local Network - Network - Enter your local network subnet
  • Remote Network - Network - Enter the P81 remote network subnet
  • Phase 2 Proposal
  • Protocol - ESP
  • Encryption Algorithm - AES - 256 bits
  • Hash Algorithms - SHA256
  • PFS Key Group - 14

6. Select Save.

7. Select Apply Changes.
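
An IPsec tunnel only negotiates when both peers offer the same IKE version and have a Phase 1 and Phase 2 proposal in common. The Python check below is an added example, not part of the original Perimeter 81 article: it compares the settings this page lists for each side and reports the ones that differ. The field names are invented for the example, and the second Diffie-Hellman entry under Advanced Settings is assumed to be the Phase 2 group.

```python
import re

# Values as listed on this page. The dictionary keys are names chosen for this example.
# Assumption: the second Diffie-Hellman entry under Advanced Settings is the Phase 2 group.
P81 = {"ike_version": "V2",
       "p1_encryption": "aes256", "p1_integrity": "sha256", "p1_dh_group": "14",
       "p2_encryption": "aes256", "p2_integrity": "sha256", "p2_dh_group": "14"}
PFSENSE = {"ike_version": "IKEv1",
           "p1_encryption": "AES 128 bits", "p1_integrity": "SHA256", "p1_dh_group": "14",
           "p2_encryption": "AES 256 bits", "p2_integrity": "SHA256", "p2_dh_group": "14"}


def normalize(field, value):
    """Reduce each product's spelling of a setting to one comparable form."""
    v = value.strip().lower()
    if field == "ike_version":            # "V2", "IKEv1" -> "ikev2", "ikev1"
        m = re.search(r"(\d+)\s*$", v)
        return "ikev" + m.group(1) if m else v
    if field.endswith("_encryption"):     # "aes256", "AES 128 bits" -> "aes-256", "aes-128"
        m = re.match(r"([a-z]+)\D*(\d+)", v)
        return f"{m.group(1)}-{m.group(2)}" if m else v
    if field.endswith("_dh_group"):       # "14", "Group 14" -> "14"
        m = re.search(r"\d+", v)
        return m.group(0) if m else v
    return re.sub(r"[^a-z0-9]", "", v)    # "SHA-256", "sha256" -> "sha256"


def mismatches(side_a, side_b):
    """Return (field, a_value, b_value) for every setting the two peers disagree on.

    A setting present on only one side is reported with None for the other.
    """
    out = []
    for field in sorted(set(side_a) | set(side_b)):
        a = normalize(field, side_a[field]) if field in side_a else None
        b = normalize(field, side_b[field]) if field in side_b else None
        if a != b:
            out.append((field, a, b))
    return out


if __name__ == "__main__":
    for field, a, b in mismatches(P81, PFSENSE):
        print(f"MISMATCH {field}: Perimeter 81={a} pfSense={b}")
```

With the values on this page it reports the IKE version and the Phase 1 encryption key length, so compare those two settings on both peers before bringing the tunnel up.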

Bring the tunnel UP

1. In the Menu Bar go to Status --> IPsec

2. On the tunnel you created, select Connect VPN.
