The firewall-oriented operating system pfSense is one of the most widely used firewalls in small and medium-sized companies. Thanks to its extensive network-level configuration options, its security and its different types of VPN, it covers the main needs of companies. Although pfSense incorporates a large number of services, we can always install additional services that are compatible with the operating system, such as an IDS/IPS or pfBlockerNG, among other very popular ones. The pfSense development team has announced that the new pfSense 2.5.0 version, which will be released soon, will include the fastest and one of the most secure VPNs. Do you want to know all the details about this new VPN?
The VPNs that pfSense currently has
The pfSense firewall-oriented operating system currently has several types of VPN, with which we can configure both remote access VPNs and site-to-site VPNs. These virtual private networks can be configured in a very advanced way, entirely through the graphical user interface, without the need to edit any text file via SSH or the console.
One of the VPNs that pfSense has is L2TP/IPsec, one of the most popular types of VPN, used by users who connect via VPN to their company or to their home. This type of VPN uses the L2TP protocol as a tunnel, and IPsec provides all the security features. Thanks to the dozens of configuration options available, we can configure this type of VPN in detail with very robust security. Another VPN that we have available is IPsec, with both IKEv1 and IKEv2. In addition, we have different types of authentication, based on a pre-shared key (PSK) or on digital certificates (RSA). We recommend that you visit our complete tutorial on what IPsec is and what it is used for, where you will find how this popular VPN protocol works.
Another VPN that we have available in pfSense is OpenVPN, widely used by home users and companies to interconnect different locations. While IPsec uses encryption at layer 3 (the network layer), with OpenVPN we have the TLS (for TCP) or DTLS (for UDP) protocol at the transport layer. Both IPsec and OpenVPN allow transport mode and tunnel mode, and with either we can establish site-to-site tunnels or remote access VPNs. In this article we have a complete OpenVPN configuration tutorial where you will find all the details about one of the best VPNs you can use.
The new VPN that pfSense will integrate: WireGuard
WireGuard is a relatively new VPN protocol that has made a name for itself thanks to its great performance, which is twice as fast as OpenVPN and IPsec on the same hardware. In this article we achieved a real speed of 1 Gbps with WireGuard, while with OpenVPN and IPsec we achieved about 450-500 Mbps, so the performance of WireGuard is really impressive. We recommend you visit our tutorial on how to configure the WireGuard VPN to browse safely.
WireGuard has had a “best security” policy from the very beginning. For this reason, it uses a very secure and fast cryptographic suite, so that we do not have any kind of privacy or security problems when using it. Another of the most important characteristics of this VPN is “roaming”: it allows us to go from a WiFi network to 4G and vice versa while maintaining the VPN tunnel, since the reconnection is really fast. In fact, we will not notice that the VPN had to reconnect.
pfSense will incorporate this type of VPN in its new version 2.5.0. This VPN is already integrated natively in the Linux kernel; however, we must remember that pfSense uses the FreeBSD operating system as a base. The Netgate development team has spent a year developing WireGuard so that it is also integrated into the kernel and achieves the best possible performance. If you want to see the source code, you can do so on the pfSense GitHub. You can test this new functionality right now by activating beta updates for pfSense, but we recommend that you try it in a test environment and not in production.
Of course, WireGuard will be configured through the graphical user interface. We will not have to edit any file and later upload it to the configuration; everything is done via the web, with a very intuitive graphical user interface.