TNSR IPsec Hub for pfSense Software Nodes

This recipe covers the following scenario:

Headquarters (HQ) is a hub with 3 branch sites as spokes. This recipe creates a secure interconnection between the local networks at all sites. This recipe assumes one of the branch routers is capable of using BGP for routing. One branch also requires the ability to route its Internet traffic through the hub node.

Tip

This recipe does not contain configuration examples for IPsec cryptographic acceleration, which can greatly improve the efficiency and performance of IPsec tunnels. The availability of acceleration varies by hardware, so the specifics of acceleration configuration must be customized to the target environment.

For more information, see IPsec Cryptographic Acceleration

IPsec Hub Configuration

• Recipe Environment
  • Topology Diagram
  • TNSR and Peer Network Configuration
  • TNSR and Peer IPsec Configuration
• Basic Initial Configuration
  • TNSR Basic Configuration
  • Peer 1 Basic Configuration
  • Peer 2 Basic Configuration
  • Peer 3 Basic Configuration
• Site-to-Site IPsec Access Between Local and Remote Networks
  • TNSR Site-to-Site Configuration
  • Peer 1 Site-to-Site Configuration
  • Peer 2 Site-to-Site Configuration
  • Peer 3 Site-to-Site Configuration
• Internet Access for a Remote Network
  • TNSR
  • Peer 1 Policy Route