pfSense Site to Site VPN

Captions
What's up guys, Andy with Crosstalk Solutions, and today I'm going to do a quick video to show you how to set up a site-to-site OpenVPN tunnel between two pfSense routers. Now, a couple examples I can think of where you might want to use this: let's say your main office has a FreePBX system and you've got a satellite office that only has maybe three phones. Rather than have each phone connect back to the PBX with its own VPN tunnel, you could use a couple routers like this, just create one VPN tunnel and have all the traffic traverse that from one to the other. Another example would be if you have a couple users at that satellite office that are using a terminal server, for instance, at the main office; this would also work for that. So anyways, there's a million and one different possible uses for something like this, so let's just get right into it.

Okay, so what I've done with the two different routers we're gonna use for this demonstration, as you can see I've actually made some adjustments to what theme they're using, and so as you can see we're gonna call this the red site and this will be the blue site. It doesn't really matter which one we're considering remote or local, just to give a demonstration of where we're at. Starting off, I'm gonna pull up a command prompt here, and so the local subnet for this Windows machine is 192.168.101.x and the remote subnet, the blue router that's in the back there, is 192.168.102.x, and I just happen to have a Linux machine sitting over on that other subnet; it's a FreePBX box at 192.168.102.12. And so we're gonna attempt to ping that right now prior to actually setting up our tunnel, which as you can see is going to fail since we have no route to that network.

Okay, so we're gonna get logged in on both routers. The red one in this case is the one that's actually local to this demo box, this demo Windows machine I'm using to record this. As you can see I've put in there a nice big picture: this is the red site. So let's jump over to the other one, which is the blue site in this case, and that's where the FreePBX box that we were just trying to ping is located, and over here you'll see I've got a darker theme and "blue site", so wherever we're going and doing the different configurations there's a clear and distinct visual indicator to y'all on which box we're working on.

So I'm going to start off on the one that I'm local to, and I'm first going to go to the VPN tab, down to OpenVPN, and then we're gonna make sure we're on the Server tab here. We're gonna click Add, and we want Server mode; we're going to change this to say Peer to Peer (Shared Key). This is the simplest form of OpenVPN tunnel we can set up between the two. Okay, the rest of these settings we're gonna leave pretty much at the default values. Interface: you want to make sure this is your WAN-facing interface. Local port: we'll leave it at 1194 unless you have some reason to change it. Description: we're going to call this "demo server"; that could be any name you want. Pretty much everything else here in the crypto settings we're gonna leave default. We're gonna leave this checked so it'll generate the shared key, which we're going to come back in and copy. Come down here to the tunnel settings: this just needs to be something in a private IP space that will be unique to these routers, so it can't be the subnet on either of the two routers. So in this case I'm just going to say 172.16.0.0/24, which is not in use on either router. And then remember, this is the 192.168.101 side, so the subnet that we want this to give us access to is 192.168.102.0/24. That was pretty much everything we need; if you have any custom options, they go there. We're gonna click Save on this one.

And so we're still not quite done, we've got one more step, actually a couple more steps on this box. We need to go over here to Firewall and under Rules we actually need to allow the incoming traffic from the remote site on the OpenVPN port. Now in this case we set up our server to use UDP, so we want to change the protocol to UDP. Okay, so we've got our protocol set to UDP; our action, we want to pass or accept the traffic. We're leaving source alone unless you have a static IP at the remote site; if you have a static IP you can further restrict this firewall rule to only accept traffic from that remote site's public IP, but in this case I'm not going to do that. Destination: we want to set that to our WAN address, and then our port is going to be OpenVPN. And I just got to put a description in here, "OpenVPN server", just so I know what this rule is. Okay, so we've got that one applied. There's one more rule we need to create while we're here. You see, since we've created that server, you have an OpenVPN tab here, so I'm gonna click on that guy, add a rule. Action, that's gonna be pass; protocol is gonna be any. You can restrict to certain types of traffic across this tunnel if you want, but for our demo purposes I'm just going to allow any traffic to go across this tunnel. It's just gonna be "VPN allow all", that's what I'll name that. I think we're good, apply that.

Okay, if you'll remember earlier I mentioned we were gonna copy that key, so at this point, still in the same router, go back to the server that you created, and your shared key here: you're going to want to select all of that and Ctrl+C, copy it into my clipboard. And so now we're looking at the blue site; this is the remote site, the 192.168.102.1 router. So on this one we're gonna go to OpenVPN, and since this site is going to connect back to the primary site, this one will be a client, so we'll click on the Client tab and click Add. Okay, and we're gonna want to set the server mode to be the same as the other site, so Peer to Peer (Shared Key); protocol still UDP; interface LAN; local port you can leave blank. Server host or address: now this would be the public IP address of the primary site in this case, so I have that set at 10.0 doc 10.2 a 4 in this case. The server port is 1194, or if you used a custom port, change that to whatever your custom port was. And put our description in here, "demo tunnel" I think I'll call it on this one. Okay, now on this one you'll want to uncheck the auto-generate, because remember we copied the key from the other one, and in here is where you'll paste that key from the primary router. Next thing we need is to use a matching subnet to what we used on the other box, so it's already an autocomplete: IPv4 Remote network(s), that's going to be the primary one, 192.168.101.0/24. We're gonna save this, and once that's saved you come up here to Status and to OpenVPN, and there we go, it shows that our tunnel is up; there's our virtual IP address there. And before we can actually send any traffic across on this one, we need to create just one rule under OpenVPN. We're going to add that same rule that we added to the other box, so action is going to be pass, protocol is any (or whatever you want to restrict it to), source and destination are both set to any, and then just make this something meaningful to you; in this case I'm going to use "OpenVPN all". Apply the change.

And now I'm going to pull up our command prompt again and we're gonna try to ping that same box that was not pingable earlier, and there you go, successful pings. Let's pull up the web interface of that FreePBX box in the web browser; there it goes, as you can see, a default box. I think that about wraps this one up. Thank you for watching; if you like this video please give me a thumbs up if you want to see more like it, and don't forget to click subscribe. Thanks for watching, have a good one.
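The video walks through the pfSense forms by hand. As an added example that is not part of the video or of pfSense itself, the Python script below encodes the two things a practitioner should check before filling in those forms: the addressing rule the narrator states (the tunnel network must be private and must not overlap the LAN on either router, and the two LANs must differ), and what the resulting peer-to-peer shared-key tunnel and WAN firewall rule amount to in plain OpenVPN terms. It uses the values spoken in the transcript (192.168.101.0/24 and 192.168.102.0/24 for the two LANs, 172.16.0.0/24 for the tunnel, UDP 1194). The red site's public IP (203.0.113.10), the cipher and auth choices, and the convention that the server takes the first tunnel host and the client the second are assumptions made for the example, not values from the page.

```python
"""Sanity-check a pfSense-style peer-to-peer shared-key OpenVPN plan and render
the equivalent plain OpenVPN directives plus the WAN firewall rule.
Added example; sample values are constructed from the transcript and are not
the video's or the pfSense project's own code."""
import ipaddress
from dataclasses import dataclass
from itertools import islice
from typing import Optional

# RFC 1918 space: the narrator's "something in a private IP space".
PRIVATE_SPACE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class TunnelPlan:
    local_lan: str         # LAN behind the server (red) site
    remote_lan: str        # LAN behind the client (blue) site
    tunnel_net: str        # "IPv4 Tunnel Network" field
    server_public_ip: str  # client's "Server host or address" (placeholder here)
    port: int = 1194
    proto: str = "udp"


def validate_plan(plan: TunnelPlan) -> list:
    """Return a list of problems; an empty list means the plan is usable."""
    problems = []
    local = ipaddress.ip_network(plan.local_lan, strict=False)
    remote = ipaddress.ip_network(plan.remote_lan, strict=False)
    tunnel = ipaddress.ip_network(plan.tunnel_net, strict=False)
    if local.overlaps(remote):
        problems.append(f"local LAN {local} overlaps remote LAN {remote}; routes are ambiguous")
    for name, lan in (("local", local), ("remote", remote)):
        if tunnel.overlaps(lan):
            problems.append(f"tunnel network {tunnel} overlaps the {name} LAN {lan}")
    if not any(tunnel.subnet_of(p) for p in PRIVATE_SPACE):
        problems.append(f"tunnel network {tunnel} is not in RFC 1918 private space")
    if tunnel.num_addresses < 4:
        problems.append(f"tunnel network {tunnel} has no room for two peer addresses")
    return problems


def _peer_addresses(tunnel_net: str):
    # Assumption: server gets the first usable host, client the second.
    net = ipaddress.ip_network(tunnel_net, strict=False)
    server_ip, client_ip = islice(net.hosts(), 2)
    return str(server_ip), str(client_ip)


def _common(plan: TunnelPlan, my_ip: str, peer_ip: str, reach: str) -> list:
    reach_net = ipaddress.ip_network(reach, strict=False)
    return [
        "dev tun",
        f"proto {plan.proto}",
        f"ifconfig {my_ip} {peer_ip}",
        # the "IPv4 Remote network(s)" field becomes a route over the tunnel
        f"route {reach_net.network_address} {reach_net.netmask}",
        "secret static.key",      # the shared key copied from the server page
        "cipher AES-256-CBC",     # assumption: static-key mode needs a non-AEAD cipher
        "auth SHA256",            # assumption
        "keepalive 10 60",
        "persist-key",
        "persist-tun",
    ]


def server_config(plan: TunnelPlan) -> str:
    """Directives for the red site's 'Peer to Peer (Shared Key)' server."""
    server_ip, client_ip = _peer_addresses(plan.tunnel_net)
    return "\n".join([f"port {plan.port}"] +
                     _common(plan, server_ip, client_ip, plan.remote_lan))


def client_config(plan: TunnelPlan) -> str:
    """Directives for the blue site's client pointing back at the server."""
    server_ip, client_ip = _peer_addresses(plan.tunnel_net)
    return "\n".join([f"remote {plan.server_public_ip} {plan.port}"] +
                     _common(plan, client_ip, server_ip, plan.local_lan))


def wan_firewall_rule(plan: TunnelPlan, remote_public_ip: Optional[str] = None) -> dict:
    """The WAN rule from the video: pass UDP/1194 to 'WAN address'. If the
    remote site has a static public IP, tighten the source to that address."""
    return {
        "interface": "WAN",
        "action": "pass",
        "protocol": plan.proto,
        "source": remote_public_ip or "any",
        "destination": "WAN address",
        "destination_port": plan.port,
        "description": "OpenVPN server",
    }


if __name__ == "__main__":
    plan = TunnelPlan("192.168.101.0/24", "192.168.102.0/24",
                      "172.16.0.0/24", "203.0.113.10")
    print("problems:", validate_plan(plan) or "none")
    print("--- red (server) ---\n" + server_config(plan))
    print("--- blue (client) ---\n" + client_config(plan))
    print("--- WAN rule ---", wan_firewall_rule(plan, remote_public_ip="198.51.100.7"))
```

Run it once with the tunnel network changed to one of the LAN subnets and `validate_plan` reports the overlap the narrator warns about; the generated `route` lines are the per-side "Remote network(s)" entries, which is why the server lists the blue LAN and the client lists the red LAN.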
Info
Channel: Crosstalk Solutions
Views: 73,918
Keywords: pfsense, openvpn, vpn, site to site vpn, site to site, crosstalk, crosstalk solutions, firewall, vpn security
Id: seScJty_VL8
Length: 11min 6sec (666 seconds)
Published: Thu Nov 16 2017