HowTo: Set up a Site to Site IPsec Tunnel (Turris <-> pfSense Firewall)

Hi,
here is a quick and dirty howto for building an IPsec tunnel between a Turris router and a pfSense firewall.
I’ll show only the important configuration parts.
Phase 1 & 2 are working!

Prerequisites:
Installed pfSense 2.3.2-RELEASE-p1
Certificates: Build it easy with pfSense :wink:
CA
Server1
Server2

Firewall Rules:
Incoming Accept
Protocol: udp Ports: 500 4500
Protocol: AH and ESP

Outgoing NAT Masquerade Accept

Look at this post for the firewall ruleset
Link

pfSense Phase 1 Tunnel configuration:

pfSense Phase 2 Tunnel configuration:

pfSense advanced configuration:

Turris Firewall:


Turris ipsec.conf:

Turris ipsec.secrets:

Turris Packages:


Have a nice Weekend :slight_smile:

Does anyone have a working TO <-> TO ipsec configuration?

What maximum throughput do you get on to?

I didn’t test the speed till now.
I’ll make a test and post the output here.
I have 1 Gbit upload on the root server side
and 120 Mbit download at home.

Sorry for the late reply.
Here are 2 screenshots. Don’t know why the single download won’t go over 3 MiB/s.

But when I make more downloads at the same time, I reach around 10 MiB/s.