I've got both IPSec and OpenVPN set up on different networks. I was doing IPSec initially, and found it relatively straightforward to set up per pfSense documentation.
OpenVPN came along when we added mobile users. OpenVPN was waaaaay easier to set up for branch offices + mobile users. If you won't have mobile users, IPSec could be a viable option. If you just have 3-5 sites, IPSec might be an easier path. If you have more than 5 sites, OpenVPN seems like it would be easier to deploy. That said, one pfSense install would be your OpenVPN server, so make sure you have a good backup of that box.

On Wed, Jun 8, 2016 at 12:31 AM, David White <[email protected]> wrote:

> Jeremy & Vick,
> I'm open to considering an IPSec if that's the best option for this use case. We're talking about 8 locations starting out, with a 9th office opening shortly thereafter, and the possibility of going up to a total of 15-20 sites within 1-2 years after that.
>
> When I read https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site, I see that an OpenVPN setup with SSL/TLS would be the way to go.
>
> I didn't think I would have to set up a new server / port for each remote office. I thought that, with the SSL/TLS setup, I could have a single server and configure it so that clients can see & interact with each other.
>
> I have pfSense with OpenVPN in my own office, and seem to recall seeing this setting in the past.
>
> On Tue, Jun 7, 2016 at 8:02 PM, Vick Khera <[email protected]> wrote:
>
> > On Tue, Jun 7, 2016 at 3:03 PM, David White <[email protected]> wrote:
> >
> > > I know that this can be done, but I've never actually done it. Are there some good resources I can review, besides
> > > https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site
> > > ? For branch offices,
> >
> > If you can manage it, and the remotes are on static IPs, I'd suggest trying IPSec.
> >
> > If you are going with OpenVPN, then you basically will need to set up one "server" per remote, each on its own port number. I like to only open the firewall to that port from the IP of the remote that will use it. Depending on how many you have and how tight you want it, you could just make an alias of all the ports and an alias of all the remote IPs and set up one rule to allow all of that at one shot.
> > _______________________________________________
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
>
> --
> David White
> Founder & CEO
> Develop CENTS
