Ech0 - 00 / 00 / 00

Pfsense site-to-site VPN

In this tutorial we're going to look at how to set up a site-to-site VPN using pfSense's OpenVPN implementation. Before you start, make sure you have a network layout similar to the graph shown above, with at least one host inside each of the two LANs so you can reach both pfSense web interfaces. You can check out this tutorial to set it up on Proxmox.

Site A (10.0.0.0/16)

We're going to start on Site A (10.0.0.0/16). Simply go to your pfSense web interface:

Leave the rest as default, then hit 'Save' at the bottom of the page.

Next, add a WAN rule for OpenVPN traffic:

Once that's done, we want to add an OpenVPN rule to allow all traffic inside the VPN tunnel:

Once that's done, hit 'Apply Changes'.

Now go get the shared key and copy it:

Site B (10.2.0.0/16)



The first thing on Site B is to get to the second pfSense's web interface (10.2.0.1/16):

Now for the next part you need to find a way to copy Site A's shared key over to our Site B's pfSense web interface. What I did was basically create a debian10 CT on Proxmox (because I know you can easily switch them from one network to another without powering them off), then pasted the key into /tmp/randomfile.txt, then moved it into the second LAN to activate python3 -m http.server 8080 (which I then accessed from the other Windows host in that same LAN) to finish the copy-paste process.
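A key that goes through a text file, an HTTP listing and a browser copy-paste can pick up CRLF line endings, trailing spaces or lose a line, and the tunnel then silently fails to authenticate. The following is an added check, not part of the original tutorial or of pfSense: it parses the key in the `openvpn --genkey` static-key format that pfSense displays (a BEGIN/END header around 16 lines of 32 hex characters, i.e. a 2048-bit key) and returns a SHA-256 fingerprint of the raw key bytes, so you can run it on the file at both sites and compare a short value instead of eyeballing 512 hex characters. The sample key built by `constructed_sample_key()` is a constructed, deterministic placeholder, not a real key.

```python
import hashlib
import re

HEADER = "-----BEGIN OpenVPN Static key V1-----"
FOOTER = "-----END OpenVPN Static key V1-----"
KEY_LINES = 16                       # 2048 bits = 256 bytes = 512 hex chars = 16 x 32
HEX_LINE = re.compile(r"^[0-9a-f]{32}$")


def parse_static_key(text):
    """Return the 256 raw key bytes, or raise ValueError describing the defect.

    Whitespace and CRLF damage from copy-paste is tolerated; structural damage
    (missing header/footer, missing or corrupted line) is reported.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    # pfSense shows three '#' comment lines above the BEGIN marker; ignore them.
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    if not lines or lines[0] != HEADER:
        raise ValueError("missing BEGIN header")
    if lines[-1] != FOOTER:
        raise ValueError("missing END footer (key truncated?)")
    body = lines[1:-1]
    if len(body) != KEY_LINES:
        raise ValueError(f"expected {KEY_LINES} hex lines, got {len(body)}")
    for i, ln in enumerate(body, 1):
        if not HEX_LINE.match(ln.lower()):
            raise ValueError(f"key line {i} is not 32 hex characters: {ln!r}")
    return bytes.fromhex("".join(body))


def key_fingerprint(text):
    """SHA-256 of the decoded key bytes; identical at both sites means the copy is intact."""
    return hashlib.sha256(parse_static_key(text)).hexdigest()


def constructed_sample_key():
    # Constructed sample for demonstration only; derived from fixed strings, not random.
    chunks = [hashlib.sha256(f"sample-{i}".encode()).hexdigest()[:32]
              for i in range(KEY_LINES)]
    return ("#\n# 2048 bit OpenVPN static key\n#\n"
            + HEADER + "\n" + "\n".join(chunks) + "\n" + FOOTER + "\n")


if __name__ == "__main__":
    import sys
    # Usage: python3 keycheck.py /tmp/randomfile.txt   (path is whatever you saved the key as)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else constructed_sample_key()
    try:
        print("key OK, fingerprint:", key_fingerprint(text))
    except ValueError as err:
        print("key REJECTED:", err)
```

Run it against the pasted file on the Site B side and against the key as exported from Site A; the two fingerprints must match before you paste the key into the client configuration.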

Once that's done, specify the Tunnel Network (10.99.99.0/24) AND the remote IPv4 Network (10.0.0.0/16):

Then just hit 'Save' at the bottom of the page.
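The three networks entered on the two pfSense boxes (each site's LAN, the shared tunnel network, and each side's "remote IPv4 network") have to agree with each other, or traffic is routed into the tunnel that can never come back. Below is an added sanity check, not part of the tutorial or of pfSense, that validates such a plan before you type it into the web interface: the tunnel network must not overlap either LAN, the LANs must not overlap each other, and each site's remote network must be exactly the other site's LAN. `tunnel_endpoints()` assumes the two tunnel addresses are the first two host addresses of the tunnel network (which is what a shared-key tunnel normally shows under Status > OpenVPN, server first, client second); verify that against your own status page.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Site:
    name: str
    lan: str             # the LAN this pfSense owns, e.g. "10.0.0.0/16"
    remote_lans: tuple   # the "Remote IPv4 Network(s)" entered on this side


def check_plan(tunnel, sites):
    """Return a list of problems with the addressing plan; an empty list means it is consistent."""
    problems = []
    # strict=True rejects a value with host bits set, e.g. typing 10.2.0.1/16 instead of 10.2.0.0/16
    tun = ipaddress.ip_network(tunnel, strict=True)
    nets = {s.name: ipaddress.ip_network(s.lan, strict=True) for s in sites}

    # 1. the tunnel network must be free: it is a third network, not part of any LAN
    for name, net in nets.items():
        if tun.overlaps(net):
            problems.append(f"tunnel {tun} overlaps {name} LAN {net}")

    # 2. the LANs must not overlap, otherwise the route to the remote site is ambiguous
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} LAN {nets[a]} overlaps {b} LAN {nets[b]}")

    # 3. each side's remote network must be exactly the other side's LAN
    for s in sites:
        expected = {nets[o.name] for o in sites if o.name != s.name}
        declared = {ipaddress.ip_network(r, strict=True) for r in s.remote_lans}
        for missing in expected - declared:
            problems.append(f"{s.name} does not route {missing} into the tunnel")
        for extra in declared - expected:
            problems.append(f"{s.name} routes {extra} into the tunnel but no site owns it")
    return problems


def tunnel_endpoints(tunnel):
    """(server, client) tunnel addresses: the first two host addresses of the tunnel network."""
    hosts = ipaddress.ip_network(tunnel, strict=True).hosts()
    return (str(next(hosts)), str(next(hosts)))


# The values used in this tutorial.
TUTORIAL_TUNNEL = "10.99.99.0/24"
TUTORIAL_SITES = [
    Site("Site A", "10.0.0.0/16", ("10.2.0.0/16",)),
    Site("Site B", "10.2.0.0/16", ("10.0.0.0/16",)),
]

if __name__ == "__main__":
    for p in check_plan(TUTORIAL_TUNNEL, TUTORIAL_SITES) or ["plan is consistent"]:
        print(p)
    print("tunnel endpoints (server, client):", tunnel_endpoints(TUTORIAL_TUNNEL))
```

With the tutorial's values the check reports nothing; change the tunnel to something inside 10.0.0.0/16, or mistype Site B's remote network, and it names the exact field to fix.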

And as you can see, once you check the OpenVPN status from the client site (Site B), there are bytes sent and received. This means that it worked! So let's test the connection from 10.2.0.0/16 through 10.99.99.0/24 to 10.0.0.0/16:

As you can see, we are able to reach both our Site B LAN and VPN pfSense interfaces, but we still can't reach the other side. That's because we forgot to add a rule to allow the VPN traffic on the Site B pfSense, so let's add it:

Just like before, we basically want to allow all VPN traffic:

We also want to allow the OpenVPN traffic:

Then hit 'Save' and 'Apply Changes'.

Testing the connection



Once you have finished that, enable the OVPN interfaces:

Once you're here you can finally test the connectivity between hosts. You can just use the ping command, but to illustrate the interaction with the VPN we're going to use the traceroute utility:

And that's it! We managed to create a site-to-site pfSense VPN connection.
