How to Create IPSec Tunnel on pfSense Firewall

Perimeter81 Tunnel Creation
  1. Go to the Gateway in your network from which you want to create the tunnel to Azure
  2. Click on the 3 dots and press "Add Tunnel"
  3. Name - Set name for the Tunnel
  4. Shared Secret - Put a shared secret or press generate
  5. "Public IP" and "Remote ID" - put your pfSense Public IP address
  6. In "Perimeter 81 Gateway Proposal Subnets" choose "Any" or "Specific Subnet"
  7. In "Remote Gateway Proposal Subnets" put your internal subnet
  8. Advanced Settings:
      • IKE Version - V2
      • IKE Lifetime - 8h
      • Tunnel Lifetime - 1h
      • Dead Peer Detection Delay - 10s
      • Dead Peer Detection Timeout - 30s
      • Encryption (Phase 1) - aes256
      • Integrity (Phase 1) - sha256
      • Diffie-Hellman Groups (Phase 1) - 14
      • Encryption (Phase 2) - aes256
      • Integrity (Phase 2) - sha256
      • Diffie-Hellman Groups (Phase 2) - 14
  9. Press "Add Tunnel"
pfSense Firewall settings
  1. In the Menu Bar go to Firewall --> Rules
  2. Under IPSEC add a new rule:
    • Action - Pass
    • Quick - Mark the checkbox
    • Interface - WAN and IPSEC
    • Source - P81 Gateway IP
    • Destination - Put any, or limit it to your firewall's external IP
    • Press Save
  3. Under IPSEC add a new rule:
    • Action - Pass
    • Source - P81 Gateway IP
    • Destination - Put any, or limit it to your firewall's external IP
    • Press Save
  4. Press Apply Changes
pfSense IPSEC Tunnel creation
  1. Go to VPN --> IPsec
  2. Press +Add P1
    1. Key Exchange Version - IKEv1
    2. Remote Gateway - P81 Gateway IP address
    3. Authentication Method - Mutual PSK
    4. Pre-Shared Key - the same key you put in the P81 Tunnel settings
    5. Encryption Algorithm
      1. Algorithm - AES
      2. Key Length - 128 bits
      3. Hash - SHA256
      4. DH Group - 14
  3. Press Save
  4. Add Phase 2 - Click on +Add P2
    1. Mode - Tunnel IPv4
    2. Local Network - Network - Put your local network subnet
    3. Remote Network - Network - Put P81 remote network subnet
    4. Phase 2 Proposal
      1. Protocol - ESP
      2. Encryption Algorithm - AES - 256bits
      3. Hash Algorithms - SHA256
      4. PFS Key Group - 14
  5. Press Save
  6. Press Apply Changes
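Both peers have to use the same IKE version and share a proposal, so it is worth comparing the values entered on each side before bringing the tunnel up. The script below is an added example, not Perimeter 81 or pfSense code; its dictionary keys and function names are assumptions chosen here, and the values are transcribed from the two settings lists above.

```python
import re

# Values transcribed from this page's two settings lists (keys are assumed names).
P81 = {  # Perimeter 81 "Advanced Settings"
    "ike_version": "V2",
    "p1_encryption": "aes256", "p1_integrity": "sha256", "p1_dh_group": "14",
    "p2_encryption": "aes256", "p2_integrity": "sha256", "p2_dh_group": "14",
}
PFSENSE = {  # pfSense Phase 1 and Phase 2 entries
    "ike_version": "IKEv1",
    "p1_encryption": "AES 128bits", "p1_integrity": "SHA256", "p1_dh_group": "14",
    "p2_encryption": "AES - 256bits", "p2_integrity": "SHA256", "p2_dh_group": "14",
}


def normalize(field, value):
    """Reduce the differently formatted UI labels to one comparable token."""
    v = value.strip().lower()
    if field == "ike_version":
        m = re.search(r"\d+", v)
        return "ikev" + m.group(0) if m else v
    if field.endswith("encryption"):
        # "aes256", "AES 128bits" and "AES - 256bits" all become "aes-<bits>"
        m = re.fullmatch(r"([a-z]+)\W*(\d+)\s*(?:bits?)?", v)
        return f"{m.group(1)}-{m.group(2)}" if m else v
    return re.sub(r"[\s\-]", "", v)


def mismatches(a, b):
    """Return {field: (a_value, b_value)} for each parameter the peers disagree on."""
    out = {}
    for field in sorted(set(a) | set(b)):
        left = normalize(field, a.get(field, ""))
        right = normalize(field, b.get(field, ""))
        if left != right:
            out[field] = (left, right)
    return out


if __name__ == "__main__":
    diff = mismatches(P81, PFSENSE)
    for field, (left, right) in diff.items():
        print(f"MISMATCH {field}: Perimeter 81={left} pfSense={right}")
    print("proposals agree" if not diff else f"{len(diff)} parameter(s) to reconcile")
```

Any field it reports has to be reconciled on one side or the other, otherwise the peers have no common proposal to negotiate.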
Bring the tunnel UP
  1. In the Menu Bar go to Status --> IPsec
  2. On the tunnel you created, press "Connect VPN"