Site to Site tunnel — OPNsense documentation (2024)

FAQs

Which solution allows you to create a site to site VPN tunnel? ›

Site-to-site VPN Protocols

GRE (Generic Routing Encapsulation) is sometimes used with IPsec for creating tunnels, although GRE by itself does not provide encryption. OpenVPN is also capable of creating secure point-to-point connections in routed or bridged configurations.

Like GRE over IPsec, IPsec VTI allows for the flexibility of sending and receiving both IP unicast and multicast encrypted traffic. Traffic is encrypted or decrypted when it is forwarded from or to the tunnel interface and is managed by the IP routing table.

OPNsense contains a stateful packet filter, which can be used to restrict or allow traffic from and/or to specific networks as well as influence how traffic should be forwarded (see also policy based routing in “Multi WAN”). The rules section shows all policies that apply on your network, grouped by interface.

To create an internet-based site-to-site VPN, you make a tunnel that connects two networks, for which you need three components: A base network in one location. A satellite network in another location. A tunnel with security gateways on each end.

IPsec VPN securely interconnects entire networks (site-to-site VPN) OR remote users with a particular protected area such as a local network, application, or the cloud. SSL VPN creates a secure tunnel from the host's web browser to a particular application.

A site-to-site VPN does not give you that type of redundancy since the network is configured in the policy itself. Tunnel interface offloads that configuration from source network to destination network to a route policy.

IPsec is secure because it adds encryption* and authentication to this process. *Encryption is the process of concealing information by mathematically altering data so that it appears random.

GRE is an IP encapsulation protocol that is used to transport packets over a network. can be used to setup connections between Branch Gateways and their Enterprise headend. In site-to-site tunnel configuration, the VPN. VPN enables secure access to a corporate network when located remotely.

How do I check my IPsec tunnel status? ›

To view status information about active IPsec tunnels, use the show ipsec tunnel command. This command prints status output for all IPsec tunnels, and it also supports printing tunnel information individually by providing the tunnel ID.

VTI is tunnel where ESP encapsulates your data payload directly without need for another transport header; VTI is similar to GRE encap but overhead is smaller 24 bytes then GRE. VTI supports only IPv4 and no other no-IP payloads are supported.

If you want high customizability and a large support community, pfSense is a good option. If you prioritize an easy-to-use interface and frequent updates, instead, OPNsense may be better. Ultimately, pfSense offers more flexibility for seasoned users, but OPNsense provides a more polished out-of-box experience.

OPNsense is an open source, FreeBSD-based firewall and routing software developed by Deciso, a company in the Netherlands that makes hardware and sells support packages for OPNsense. It is a fork of pfSense, which in turn was forked from m0n0wall built on FreeBSD.

OPNsense Features a complete high-end security platform for free. Take a look at some of our highlights, but remember OPNsense Features much more than we can showcase. ✓ QoS ✓ 2FA ✓ OpenVPN ✓ IPSec ✓ CARP ✓ Captive Portal ✓ Proxy ✓ Webfilter ✓ IDPS ✓ Netflow ✓ and More!