Book Image

Mastering pfSense - Second Edition

By : David Zientara
Book Image

Mastering pfSense - Second Edition

By: David Zientara

Overview of this book

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs. Mastering pfSense - Second Edition, covers features that have long been part of pfSense such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.
Table of Contents (15 chapters)

Chapter 7 – Virtual Private Networks

  1. Peer-to-peer and client-server.
  2. (a) IPsec, L2TP, and OpenVPN. (b) L2TP.
  3. Authentication Headers (AH), Encapsulating Security Protocol (ESP), and Security Association (SA).
  4. (a) The connection will fail because when the Key Exchange version is set to Auto and pfSense is the initiator, it will use IKEv2 (since the other firewall is using IKEv1, there will be a mismatch). (b) The connection will succeed because pfSense as the initiator will again use IKEv2, and the protocols will match.
  5. (a) 500; (b) 1194.
  6. Challenge-Handshake Authentication Protocol (CHAP), MS-CHAPv2, and Password Authentication Protocol (PAP).
  7. Elliptic-curve Diffie-Hellman (ECDH).
  8. Lightweight Directory Access Protocol (LDAP) and Remote Authentication Dial-In User Protocol (RADIUS).