@yeah
Created December 4, 2011 11:27
VPN configuration for FRITZ!Box connecting to a pfSense router using IPsec
vpncfg {
  connections {
    enabled = yes;
    conn_type = conntype_lan;
    name = "VPN tunnel to pfSense box at work"; // an identifier for your connection - pick anything
    always_renew = no;
    reject_not_encrypted = no;
    dont_filter_netbios = yes;
    localip = 0.0.0.0;
    local_virtualip = 0.0.0.0;
    remoteip = 192.168.1.100; // an unused IP address within your pfSense subnet
    remote_virtualip = 0.0.0.0;
    remotehostname = "your-pfsense.dyndns.org"; // the permanent hostname of your pfSense box
    localid {
      fqdn = "your-fritz.dyndns.org"; // the permanent hostname of your FRITZ!Box
    }
    remoteid {
      fqdn = "your-pfsense.dyndns.org"; // again, the permanent hostname of your pfSense box
    }
    mode = phase1_mode_aggressive; // phase 1 in aggressive mode with the FQDN identities above; must match the pfSense phase 1 settings
    phase1ss = "def/3des/sha"; // phase 1 proposal: default DH group, 3DES encryption, SHA1 hash
    keytype = connkeytype_pre_shared;
    key = "a-random-secret-shared-key"; // the same pre-shared key you used when configuring pfSense
    cert_do_server_auth = no;
    use_nat_t = no;
    use_xauth = no;
    use_cfgmode = no;
    phase2localid {
      ipnet {
        ipaddr = 192.168.178.0; // the subnet IP address of your FRITZ!Box - the default being 192.168.178.0
        mask = 255.255.255.0; // the subnet netmask of your FRITZ!Box - the default being 255.255.255.0
      }
    }
    phase2remoteid {
      ipnet {
        ipaddr = 192.168.1.0; // the subnet IP address of your pfSense box - the default being 192.168.1.0
        mask = 255.255.255.0; // the subnet netmask of your pfSense box - the default being 255.255.255.0
      }
    }
    phase2ss = "esp-3des-sha/ah-no/comp-no/pfs"; // phase 2 proposal: ESP with 3DES/SHA1, no AH, no compression, PFS enabled
    accesslist = "permit ip any 192.168.1.0 255.255.255.0"; // again, the subnet IP address and netmask of your pfSense box
  }
  ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500", "udp 0.0.0.0:4500 0.0.0.0:4500"; // let IKE (500) and NAT-T (4500) reach the tunnel endpoint
}
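The comments above state several values that must agree with each other (remoteip inside the pfSense subnet, accesslist matching phase2remoteid, remotehostname matching remoteid.fqdn). As an added example that is not part of this gist, the following Python script parses the vpncfg syntax and checks those constraints before the file is uploaded to the FRITZ!Box; the sample input is a constructed reduction of the configuration above, and the field names used are the ones that appear in it.

```python
import ipaddress
import re
# Constructed sample: the connection block from this gist, reduced to the fields checked below.
SAMPLE_CFG = """
vpncfg {
  connections {
    remoteip = 192.168.1.100;                       // must sit inside the remote subnet
    remotehostname = "your-pfsense.dyndns.org";
    remoteid { fqdn = "your-pfsense.dyndns.org"; }
    phase2localid { ipnet { ipaddr = 192.168.178.0; mask = 255.255.255.0; } }
    phase2remoteid { ipnet { ipaddr = 192.168.1.0; mask = 255.255.255.0; } }
    accesslist = "permit ip any 192.168.1.0 255.255.255.0";
  }
  ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500", "udp 0.0.0.0:4500 0.0.0.0:4500";
}
"""
TOKEN = re.compile(r'"[^"]*"|[{};=,]|[^\s{};=,]+')

def parse(text):
    """Parse vpncfg syntax (key = value; and name { ... }) into nested dicts, ignoring // comments."""
    toks = iter(TOKEN.findall(re.sub(r"//[^\n]*", "", text)))
    def block():
        node = {}
        for key in toks:
            if key == "}":
                break
            if next(toks) == "{":
                node[key] = block()
            else:  # token was '='; gather comma-separated values up to ';'
                vals = [t.strip('"') for t in iter(toks.__next__, ";") if t != ","]
                node[key] = vals[0] if len(vals) == 1 else vals
        return node
    return block()

def check(cfg):
    """Return cross-field mismatches that let the tunnel negotiate but carry no traffic."""
    conn = cfg["vpncfg"]["connections"]
    net = lambda b: ipaddress.ip_network(f"{b['ipnet']['ipaddr']}/{b['ipnet']['mask']}")
    local, remote = net(conn["phase2localid"]), net(conn["phase2remoteid"])
    problems = []
    if ipaddress.ip_address(conn["remoteip"]) not in remote:
        problems.append("remoteip lies outside the phase2remoteid subnet")
    if local.overlaps(remote):
        problems.append("local and remote subnets overlap; nothing can be routed into the tunnel")
    m = re.search(r"permit ip any (\S+) (\S+)", conn["accesslist"])
    if not m or ipaddress.ip_network(f"{m[1]}/{m[2]}") != remote:
        problems.append("accesslist subnet differs from phase2remoteid")
    if conn["remotehostname"] != conn["remoteid"]["fqdn"]:
        problems.append("remotehostname differs from remoteid.fqdn")
    return problems
```

Running `check(parse(open("vpn.cfg").read()))` on a real export returns an empty list when the four fields agree; a FRITZ!Box LAN that was renumbered into the same range as the pfSense LAN shows up as the overlap finding.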