Show page

Differences

This shows you the differences between two versions of the page.

--- sred:milestone_3 [2023/12/15 13:26]
horia.stoenescu [Week 5]
+++ sred:milestone_3 [2024/01/19 20:17] (current)
horia.stoenescu [Week 6]
@@ Line 58: / Line 58: @@
 Documentation can be found here: https://turbofuture.com/computers/How-to-Setup-a-Remote-Access-VPN-Using-pfSense-and-OpenVPN
+======= Week 6 =======
+For the second type of VPN (site-to-site) we require an additional ''pfsense'' firewall to be added in topology.
+. Create a new node in topology, select the same image already created for pfsense and select ''vnc''
+. Connect it to Cloud0 (for internet access) and start it
+. Finish network configuration (only for wan = vtnet0) and change the mac address as follows:
+<code>
+# select shell (8 key)
+# change mac address based on your eve_ng instance ip
+ifconfig vtnet0 link 50:00:00:$SECOND_BYTE:$THIRD_BYTE+2:$FORTH_BYTE
+# example: for 10.6.0.10, use mac address 50:00:00:06:02:10
+</code>
+. Get the new ip address and access webui using browser:
+<code>
+ifconfig vtnet0 0.0.0.0/0
+dhclient vtnet0
+</code>
+. Add firewall rules to permit traffic from FW1 (local) to FW2 (remote) and vice-versa. Test this using ping.
+. Using the documentation provided by NetGate, see the steps here: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-psk.html.
+- for names, use ''ToRemote'' for FW1 and ''ToLocal'' for FW2
+- we do not need firewall rules for now, so that part can be skipped
+- for subnets, you can use ''192.168.1.0/24'' for FW1 and ''192.168.2.0/24'' for FW2
+. In the end, test the connection by going to Status > IPsec > click connect P1 and P2 (make sure the tunnel is established and routes should be installed via child sa).