
VPN configuration for FRITZ!Box connecting to a pfSense router using IPsec

// FRITZ!Box IPsec site-to-site profile peering with a pfSense box (AVM vpncfg import format, not a shell script
// despite the gist's file name). Every "your-..." value is a placeholder. The live file holds the pre-shared key
// in clear text, so treat it as a secret and keep it out of public repositories.
vpncfg {
  connections {
    enabled = yes;
    conn_type = conntype_lan; // LAN-to-LAN (site-to-site) tunnel rather than a single-client connection
    name = "VPN tunnel to pfSense box at work"; // an identificator for your connection - pick anything
    always_renew = no; // presumably "bring the tunnel up on demand" rather than keeping it permanently established — confirm in the FRITZ!OS docs
    reject_not_encrypted = no; // NOTE(review): with "no" this is not a fail-closed guard for traffic towards the remote subnet — confirm the exact semantics for your FRITZ!OS version
    dont_filter_netbios = yes; // NetBIOS traffic is allowed through the tunnel
    localip = 0.0.0.0; // 0.0.0.0: no fixed WAN address on this side; the FQDN identities below identify the peers instead (assumed — verify)
    local_virtualip = 0.0.0.0;
    remoteip = 192.168.1.100; // an unused IP address within your pfSense subnet
    remote_virtualip = 0.0.0.0;
    remotehostname = "your-pfsense.dyndns.org"; // the permanent hostname of your pfSense box
    localid {
      fqdn = "your-fritz.dyndns.org"; // the permanent hostname of your FRITZ!Box
    }
    remoteid {
      fqdn = "your-pfsense.dyndns.org"; // again, the permanent hostname of your pfSense box
    }
    // Security note on the IKE settings below: aggressive mode combined with a pre-shared key sends the peer
    // identity in clear text and exposes a key-derived hash to anyone observing the IKE exchange, which can then
    // be guessed offline. The strength of `key` is therefore the whole defence: use a long, random value, rotate
    // it when staff change, and prefer main mode if both endpoints support it for FQDN identities.
    mode = phase1_mode_aggressive;
    phase1ss = "def/3des/sha"; // 3DES is a legacy cipher; prefer an AES proposal if your FRITZ!OS version accepts one (check the accepted value list for this field)
    keytype = connkeytype_pre_shared;
    key = "a-random-secret-shared-key"; // the same pre-shared key you used when configuring pfSense
    cert_do_server_auth = no; // no certificate-based authentication of the peer; only the PSK and FQDN identities are checked
    use_nat_t = no; // NAT traversal disabled — if either endpoint sits behind NAT, ESP will likely not pass and this should be "yes"
    use_xauth = no;
    use_cfgmode = no;
    phase2localid {
      ipnet {
        ipaddr = 192.168.178.0; // the subnet IP address of your FRITZ!Box - the default being 192.168.178.0
        mask = 255.255.255.0; // the subnet netmask of your FRITZ!Box - the default being 255.255.255.0
      }
    }
    phase2remoteid {
      ipnet {
        ipaddr = 192.168.1.0; // the subnet IP address of your pfSense box - the default being 192.168.1.0
        mask = 255.255.255.0; // the subnet netmask of your pfSense box - the default being 255.255.255.0
      }
    }
    phase2ss = "esp-3des-sha/ah-no/comp-no/pfs"; // ESP with 3DES/SHA, no AH, no compression, PFS on — same 3DES caveat as phase1ss; keep this matching the pfSense phase 2 proposal
    accesslist = "permit ip any 192.168.1.0 255.255.255.0"; // again, the subnet IP address and netmask of your pfSense box - allows all IP traffic from this side towards the remote subnet; narrow it if only specific hosts/services are needed
  }
  // Forwards inbound IKE (UDP 500) and NAT-T (UDP 4500) to the box. Note that UDP 4500 is forwarded even though
  // use_nat_t is "no" above — harmless, but keep the two consistent when you enable NAT traversal.
  ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500", "udp 0.0.0.0:4500 0.0.0.0:4500";
}
