IPsec provides a standards-based VPN implementation that is compatible with a wide range of clients for mobile connectivity and other devices for site-to-site connectivity. It supports numerous third-party devices and is being used in production with devices ranging from consumer-grade Linksys routers all the way up to IBM z/OS mainframes, and everything imaginable in between.
For general discussion of the various types of VPNs available in pfSense® software and their pros and cons, see Virtual Private Networks.
pfSense software supports IPsec with IKEv1 and IKEv2, policy-based and route-based tunnels, multiple phase 2 definitions for each tunnel, NAT traversal, NAT on Phase 2 definitions, a large number of encryption and hash options, and many more options for mobile clients including EAP and xauth.
- IPsec Terminology
- IPsec Configuration
- Choosing a Mobile IPsec Style
- NAT with IPsec Phase 2 Networks
- Routed IPsec (VTI)
- IPsec and firewall rules
- Using IPsec with Multiple Subnets
- Configuring IPsec Keep Alive
- Testing IPsec Connectivity
- Client Routing and Gateway Considerations
- Configuring Third Party IPsec Devices
- Accessing Firewall Services over IPsec
- IPsec Site-to-Site VPN Example with Certificate Authentication
- IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
- IPsec Remote Access VPN Example Using IKEv1 with Pre-Shared Keys
- Routing Internet Traffic Through a Site-to-Site IPsec Tunnel