How to network together two sites using PFSense.

Published:
Updated:
There are times where you would like to have access to information that is only available from a different network. This network could be down the hall, or across country. If each of the network sites have access to the internet, you can create a network bridge that can connect the two networks together.

If all you want to do is connect to you desktop remotely, then this is not for you. You would be better off using one of the commercial options like TeamViewer or SplashTop.

However, if you need to give access to many individuals, or you need systems to be able to access other systems in a different network like printers or fileservers, then this might be what you need.

This article will not cover routing which is required to take full advantage of this network bridge.

The things that you will need for each site;
  • A spare computer system.
  • A copy of PFsense (I used version 2.1.5)
PFSense can be downloaded from www.pfsense.org.

A word of warning, PFSense is designed to take full control of the computer it is installed on. It will not be useable for any other purpose.
 

PFSense Installation

This article will not cover Installation instructions of PFSense. However I will say that I chose the default installation options and only configured one network card. I also made sure that the option "Disable all packet Filtering" was checked. This is found under System->Advanced->Firewall/NAT tab.

Pic0.pngThis will need to be done on both client and server instances of PFSense.
 

Setup the VPN Server

Begin by selecting the OpenVPN from the VPN dropdown.
Pic1.pngClick the "Add" button to add a new VPN server.

Pic2.pngSelect "Peer to Peer (Shared Key)" for "Server Mode" and give your VPN server instance a description.

Pic3.pngContinue to fill out the following fields;
  • IPv4 Tunnel Network - This is a private network that should only be known by both client and server VPN end points. It must not overlap with either of the networks that it is bridging.
  • IPv4 Local Network - This is the network that is connected to the server. It will be advertized to by the client when the VPN connection is made.
  • IPv4 Remote Network - This is the network that is connected to the client. Any traffic that is sent to the Server that belongs to this network will be sent to the client using the Tunnel Network.
Both the Local and Remote Networks must not overlap, and also must not overlap with the Tunnel Network.

Pic4.pngOptionally choose to compress the network traffic.  Possible performance improvements will depend on the type of traffic that is being sent. Information being sent that is already compressed will in most cases increase the amount of time to transfer with this switch on. This option must match with the client side of the VPN.
 
Pic5.pngClick save and you will return to the Server VPN configuration page.

Pic6.pngThis completes the configuration of the Server side of the VPN.
 

Setup the VPN Client

Begin by selecting the OpenVPN from the VPN dropdown.

Pic1.pngNext, click the "Client" tab.

Pic7.pngClick the "Add" button to add a new VPN client.

Pic8.pngSelect "Peer to Peer (Shared Key)" for "Server Mode". Next enter the IP Address and the port number that was specified in the server. Also give your VPN client instance a description.

Pic9.png

Continue to fill out the following fields;

  • Encryption algorithm - This must match what the server is using. The default should be sufficient in most cases.
  • IPv4 Tunnel Network - This must be the same as the Server.
  • IPv4 Remote Network - This is the network that is connected to the server.
  • Compression - This must be the same as the Server.
Pic10.pngClick save and you will return to the Server VPN configuration page.
 

Copy the Shared Key

One final piece of information must be passed from the server to the client and this is the "Shared Key". 

Open the configuration on the VPN Server.
Pic11.pngCopy the contents of the "Shared Key" from the VPN server without changing it.

Pic12.pngPaste it into the "Shared Key" field of the VPN client and save your change.

Pic13.pngThis completes the configuration of the Client side of the VPN.
 

Testing the VPN Tunnel

Within a few moments the VPN client will contact the VPN Server and establish a connection. You can verify that the connection has been made by checking the status of the OpenVPN.

Pic14.png
The status should be stated as "UP".

Pic15.pngOptionally you can try to ping the address of the VPN client from the Server by using the Diagnostics->Ping utility.

Pic16.png 
5
4,581 Views

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.