How to Configure a Multi Site to Site to Site IPSec VPN with PFSense

The purpose of this video is to provide a step-by-step process for configuring a multi site-to-site-to-site IPSec VPN. This includes a quick drawing, MTU options, general firewall rules, setup of the VPNs, name resolution, and how to force one site's internet traffic through another site's internet connection over the VPN.

If you like the video let us know with a like and don’t forget to visit our website to vote on our next tech tip poll.

35 Comments

  1. BenZoneOfficial on October 18, 2021 at 9:15 am

    Nice video man! I just wanna ask, coz I'm very new to this site to site VPN. What if I have like 5 offices to connect but only one has a static IP and the rest have dynamic IPs? What is the best configuration for this?



  2. smack green on October 18, 2021 at 9:17 am

    Great video, thanks, but my problem was that when I configure IPsec, the IPsec tab in the rules doesn't appear. I'm sure I configured it and I tried to enable IPsec, but it didn't appear! I used pfSense 2.3.5 and I tried in 2.4.4, also the same problem!



  3. Samy the Bull on October 18, 2021 at 9:17 am

    Hi, is there any way we can get an ipsec vpn tunnel between pfsense and zyxel USG series? I could not figure it out 🙁



  4. Moon Dawson on October 18, 2021 at 9:17 am

    Which is the best site to site VPN, OpenVPN or IPsec?



  5. George Ugalde on October 18, 2021 at 9:19 am

    Very well detailed, congratulations helped me a lot in clarifying some doubts



  6. Geo Gmz on October 18, 2021 at 9:20 am

    Great video! well explained thanks for the effort.



  7. Jorz Y on October 18, 2021 at 9:21 am

    Nice tutorial! Well explained!



  8. Julien Angelo on October 18, 2021 at 9:22 am

    Great Job Man,
    Big thank you for your videos
    10/10 Vote



  9. carl on October 18, 2021 at 9:22 am

    very good. thanks



  10. Core Digital on October 18, 2021 at 9:23 am

    Very good tuto !!



  11. hillford h on October 18, 2021 at 9:23 am

    For whoever needs this! If you cannot ping/route between your various LAN networks….make sure to go onto each pfsense console and assign the interface IP again. Even after you’ve set up the full ipsec vpn tunnels. Then make sure to disconnect the ipsec vpn tunnel and reconnect it. In my case I followed this tutorial step by step but had my LAN interface IP set to /32 somehow. When I changed it to the correct /24 and reconnected the ipsec vpn tunnel in the web gui, it all started working. Thanks @vmnerd for a fantastic tutorial!



  12. Sergei on October 18, 2021 at 9:25 am

    Great video tuto, is it possible to add a tutorial for client IPsec to pfSense (iPhone, remote PC, Mac, etc.)? Thx!



  13. Jeffrey Deal on October 18, 2021 at 9:28 am

    Question! I was able to connect my primary site to my first remote site. I’m able to ping the inside gateway address but I cannot access the web browser. When I check the IPsec status on both sides one says up (Primary site) but the remote site says down. Any reasons why I would get this? Thanks in advance!



  14. eleguardini93 on October 18, 2021 at 9:28 am

    Great video! But what if I want to insert two remote gateways IPs? On the other side I’ll have a Fortigate firewall with two vpns ipsec, one being the failover of the primary one (so the secondary is set in monitor mode, once the primary goes down, the other one detects it and enables itself). Can’t find anything on the internet explaining how to configure some sort of vpn failover having only one wan on the PFSense side and two wans on the other side.



  15. Randy Haley on October 18, 2021 at 9:29 am

    This is by far the best video I have seen on creating a site-to-site VPN using IPSEC and pfSense. Keep up the great work!



  16. Mohamed El behja on October 18, 2021 at 9:32 am

    Thank you so much my brother for your video,
    it's great and very simple.
    I need your help with a detailed explanation for SquidGuard with Active Directory



  17. Luke Fong on October 18, 2021 at 9:32 am

    F@#KING AWESOME! This will help on a current project.



  18. Nghĩa Huy on October 18, 2021 at 9:32 am

    thanks



  19. Vipin Tripathi on October 18, 2021 at 9:33 am

    Excellent video, all in detail with patience, thanks



  20. Born Town on October 18, 2021 at 9:37 am

    I have followed the instructions and the sites are connecting but I cannot ping, kindly assist to resolve that



  21. Brandon S on October 18, 2021 at 9:38 am

    Hey man, dunno if you’re still active or not but if you are shoot me a reply or a DM if possible I wanna pick your brain on something.



  22. Carlos Matos Villar on October 18, 2021 at 9:40 am

    You’re the best my friend. Keep goin’on! Great video Tutorial.



  23. John Avellar on October 18, 2021 at 9:47 am

    Excellent Video -THANK YOU!



  24. McgregorKLB on October 18, 2021 at 9:49 am

    Very nice and useful video! I also had to add UDP 4500 to the WAN rules, as the tunnel was established but no traffic was flowing. Hope this helps anyone.



  25. Moon Dawson on October 18, 2021 at 9:51 am

    Is it required, to have static public ip addresses for both or all sites?



  26. Mark Gilbert on October 18, 2021 at 9:53 am

    Very Well explained! Damn dude, this was awesome. Exactly what I needed to know.



  27. Brad on October 18, 2021 at 9:54 am

    Well done, and straight to the point. It’s long, but there is plenty to explain, and lots of configuration.



  28. Tom Simons on October 18, 2021 at 9:55 am

    That’s one of the better how-to videos I’ve ever seen so far. Maybe adding the part on how to use RSA certificates would make it even more unique. Thanks for sharing. Well done!



  29. Lester Carrejo on October 18, 2021 at 9:57 am

    Excellent- do you have one on GRE tunnels?



  30. Tilak Kumar on October 18, 2021 at 10:02 am

    Do you know how we can configure site to site with multi-WAN? For example, I have 2 WAN links at site 1 and 2 WAN links at site 2. Trying to set up multi-WAN for IPsec failover.



  31. michelhack on October 18, 2021 at 10:04 am

    how to setup DNS resolver/forwarder with this setup so you can reach any workstation in any of the sites with just a name



  32. iRon eYes on October 18, 2021 at 10:06 am

    Kudos



  33. Hany Soliman on October 18, 2021 at 10:07 am

    Awesome my Brother



  34. Ztevoz Milloz on October 18, 2021 at 10:11 am

    Nice job thx



  35. James Eduard on October 18, 2021 at 10:11 am

    VMNerd, is it possible to make a bridge with an IPsec tunnel?

    HQ – VoIP server and has DHCP server
    Branch – connects via IPsec tunnel, but can the IP phone get an IP from the external DHCP at HQ?

    Is this possible? Can you help me please, thanks