Book Image

pfSense 2.x Cookbook - Second Edition

By : David Zientara
Book Image

pfSense 2.x Cookbook - Second Edition

By: David Zientara

Overview of this book

pfSense is an open source distribution of the FreeBSD-based firewall that provides a platform for ?exible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important compared to other offerings. pfSense 2.x Cookbook – Second Edition starts by providing you with an understanding of how to complete the basic steps needed to render a pfSense firewall operational. It starts by showing you how to set up different forms of NAT entries and firewall rules and use aliases and scheduling in firewall rules. Moving on, you will learn how to implement a captive portal set up in different ways (no authentication, user manager authentication, and RADIUS authentication), as well as NTP and SNMP configuration. You will then learn how to set up a VPN tunnel with pfSense. The book then focuses on setting up traffic shaping with pfSense, using either the built-in traffic shaping wizard, custom ?oating rules, or Snort. Toward the end, you will set up multiple WAN interfaces, load balancing and failover groups, and a CARP failover group. You will also learn how to bridge interfaces, add static routing entries, and use dynamic routing protocols via third-party packages.
Table of Contents (18 chapters)
Title Page
Copyright and Credits
About Packt
Contributors
Preface
Index

Configuring the IPsec VPN service – client/server


In this recipe, we will configure the IPsec service to allow multiple clients to connect to our network.

In the previous recipe, we showed how IPsec can be used to create a VPN tunnel between two pfSense firewalls. In this recipe, we will demonstrate how IPsec can be used for a different purpose. Sometimes, we want to allow individual clients to access our network over the internet. Fortunately, pfSense enables us to do this, via IPsec mobile client configuration. In order to configure mobile clients, we must set up individual user accounts, and as was the case when we were configuring Captive Portal in pfSense, the User Manager provides a means for adding user accounts.

How to do it...

  1. Navigate to VPN | IPsec.
  2. Click on the Mobile Clients tab.
  3. Check the Enable IPsec Mobile Client Support checkbox:
  1. In the User Authentication listbox, select Local Database.
  2. In the Group Authentication drop-down menu, select system.
  3. Check the Provide a virtual IP address...