Skip to main content
Home Documentation Community

PfSense

Andrew Reddie

0 comments

This article will help you establish a site-to-site IPsec connection between Timus Networks and PfSense.

IPsec tunnel between Timus - PfSense: PfSense Configuration for Timus:

 

Go to PfSense UI -> VPN -> IPsec.

General Information:

IKE Endpoint Configuration:

Phase 1 Proposal (Authentication):

Phase 1 Proposal (Encryption Algorithm):
Expiration and Replacement:
Advanced Options:
Once you have completed the steps as shown in the images above, hit Save to complete the Phase 1 configuration on PfSense.
You need to go back to the VPN -> IPsec page again, and hit Show Phase 2 Entries or create a new one to complete the Phase 2 configuration of PfSense.
In this example, we consider that the local subnet belonging to PfSense is 10.10.10.0/24 and Remove Subnet is 192.168.249.0/24 (WireGuard subnet on Timus).
Once you Add P2 or Edit the P2, you will be able to see the Phase 2 configuration of PfSense.
General Information:
Networks:
Phase 2 Proposal (SA/Key Exchange):
Expiration and Replacement:
Keep Alive:
You can hit Save to complete the Phase 2 configuration of PfSense.
PfSense generally connects to the IPsec automatically. Yet, it sometimes does not connect automatically. To be able to manually trigger the IPsec connection, you need to go to Status -> IPsec as shown in the image below and hit Connect P1 and P2 button there to run it. Plus, you can disconnect the IPsec tunnel manually if needed.
After completing the steps above, please add a Firewall IPsec rule on PfSense as shown in the image below to let the Phase 2 work on both Timus and PfSense.

Timus Configuration for PfSense Firewall:

  • Go to the Timus Manager -> Sites -> Create New Please note that you need to have a gateway to be able to create an IPsec tunnel(Connector).

  • After clicking on Create New, you need to select Connector on top and enter an IPsec tunnel name, which is required.

Parameters:

  • Note- you now have the option to select "Create firewalls rules automatically"

Miscellaneous:

  • To enable Dead Peer Detection(DPD) is highly recommended. Therefore, once the IPsec tunnel gets down for some reasons, it will automatically connect back and it will be Established/Online again.
  • After configuring the Phase 1 IKE configuration of Timus, you need to hit Save.
  • After saving, please extend the gateway by clicking on the arrow, and click on the 3 dots at the end of the row. After that, click on View.
  • After clicking on View, you will be the page where you can add/edit the Phase 2 configuration, click on Create New Tunnel to create a Phase 2 configuration for your IPsec.

Phase 2 configuration of Timus:

  • Note- you now have the option to select "Create firewalls rules automatically"

  • After configuring the Phase 2, click on Save.

Important:
Make sure to turn off (uncheck) the options "Block Private Networks and Loopback Addresses" and "Block Bogon networks" under the tab Reserved Networks located on your WAN Interface. If these options are enabled, you might see an error message saying "IPsec peer is not responding." This happens because PfSense blocks IPsec traffic when these settings are on, as shown in the image below.

pfsense-reserved-network.png

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Related articles

0 comments

Please sign in to leave a comment.