This article will help you establish a site-to-site IPsec connection between Timus Networks and PfSense.
IPsec tunnel between Timus - PfSense:
PfSense Configuration for Timus:
Go to PfSense UI -> VPN -> IPsec.
General Information:
IKE Endpoint Configuration:
Phase 1 Proposal (Authentication):
Phase 1 Proposal (Encryption Algorithm):
Expiration and Replacement:
Advanced Options:
Once you have completed the steps as shown in the images above, hit Save to complete the Phase 1 configuration on PfSense.
You need to go back to the VPN -> IPsec page again, and hit Show Phase 2 Entries or create a new one to complete the Phase 2 configuration of PfSense.
In this example, we assume that the local subnet belonging to PfSense is 10.10.10.0/24 and the Remote Subnet is 192.168.249.0/24 (WireGuard subnet on Timus).
Once you Add P2 or Edit the P2, you will be able to see the Phase 2 configuration of PfSense.
General Information:
Networks:
Phase 2 Proposal (SA/Key Exchange):
Expiration and Replacement:
Keep Alive:
You can hit Save to complete the Phase 2 configuration of PfSense.
PfSense generally brings up the IPsec connection automatically, but sometimes it does not. To trigger the IPsec connection manually, go to Status -> IPsec as shown in the image below and hit the Connect P1 and P2 button there. You can also disconnect the IPsec tunnel manually if needed.
After completing the steps above, please add a Firewall IPsec rule on PfSense as shown in the image below to let the Phase 2 work on both Timus and PfSense.
Timus Configuration for PfSense Firewall:
- Go to the Timus Manager -> Sites -> Create New. Please note that you need to have a gateway to be able to create an IPsec tunnel (Connector).
- After clicking on Create New, you need to select Connector on top and enter an IPsec tunnel name, which is required.
Parameters:
Miscellaneous:
- Enabling Dead Peer Detection (DPD) is highly recommended. With it, if the IPsec tunnel goes down for some reason, it will automatically reconnect and become Established/Online again.
- After configuring the Phase 1 IKE configuration of Timus, you need to hit Save.
- After saving, please expand the gateway by clicking on the arrow, and click on the 3 dots at the end of the row. After that, click on View.
- After clicking on View, you will be on the page where you can add/edit the Phase 2 configuration. Click on Create New Tunnel to create a Phase 2 configuration for your IPsec.
Phase 2 configuration of Timus:
- After configuring the Phase 2, click on Save.
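The Phase 1 and Phase 2 settings entered on PfSense and on Timus have to agree, and the Phase 2 subnets have to be mirrored (one side's local subnet is the other side's remote subnet). The following check is an added example, not code from Timus or PfSense: the field names and the `compare_peers` helper are hypothetical, and every crypto value is a constructed placeholder; only the two subnets come from this article.

```python
import ipaddress

# Constructed sample settings. Only the two subnets come from the article;
# every crypto value is a placeholder, not a Timus or PfSense default.
PFSENSE = {
    "ike_version": "IKEv2", "p1_encryption": "AES-256", "p1_hash": "SHA256",
    "p1_dh_group": 14, "p2_encryption": "AES-256", "p2_hash": "SHA256",
    "p2_pfs_group": 14,
    "local_subnet": "10.10.10.0/24", "remote_subnet": "192.168.249.0/24",
}
# Timus side: same proposals, subnets swapped.
TIMUS = dict(PFSENSE, local_subnet="192.168.249.0/24",
             remote_subnet="10.10.10.0/24")

# With one proposal per side, these fields must be identical on both peers.
MUST_MATCH = ("ike_version", "p1_encryption", "p1_hash", "p1_dh_group",
              "p2_encryption", "p2_hash", "p2_pfs_group")


def _net(value):
    # strict=False accepts a host address such as 10.10.10.1/24 and
    # normalises it to the enclosing network before comparison.
    return ipaddress.ip_network(value, strict=False)


def compare_peers(a, b):
    """Return a list of mismatches between two peers' tunnel settings."""
    problems = [f"{f}: {a[f]!r} != {b[f]!r}" for f in MUST_MATCH if a[f] != b[f]]
    a_local, a_remote = _net(a["local_subnet"]), _net(a["remote_subnet"])
    b_local, b_remote = _net(b["local_subnet"]), _net(b["remote_subnet"])
    # Phase 2 selectors must mirror: one side's local is the other's remote.
    if a_local != b_remote:
        problems.append(f"selector: local {a_local} != peer remote {b_remote}")
    if a_remote != b_local:
        problems.append(f"selector: remote {a_remote} != peer local {b_local}")
    # Overlapping local and remote ranges leave routing into the tunnel ambiguous.
    if a_local.overlaps(a_remote):
        problems.append(f"overlap: {a_local} and {a_remote}")
    return problems


if __name__ == "__main__":
    for line in compare_peers(PFSENSE, TIMUS) or ["settings are consistent"]:
        print(line)
```
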