pfSense is great because it can be installed as a VM in a datacenter and handle enterprise-grade routing and reporting. EdgeRouters are great because they're readily available at a very reasonable cost.
Both support OpenVPN, which tends to be a reliable, easy-to-use VPN protocol that does not require the VPN client to have a static IP address. There is no GUI for OpenVPN on the EdgeRouter, but it is pre-installed and can easily be configured in the console.
Once you've configured the OpenVPN server in the pfSense interface, an export feature lets you create an .ovpn file that contains the configuration information required for the client side (the EdgeRouter).
I initially had an issue, as the config file included a "pull" command that the EdgeRouter complained was not valid without the TLS-Server or TLS-Client specified. I manually edited the file and removed the "pull" line, and then the tunnel connected without issue.
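The manual edit described above can be scripted so that only the bare directive is touched. This is an added example, not part of the original post: the function name `strip_pull` and the file names in the usage comment are assumptions. It removes a standalone `pull` line only when the file has neither `client` nor `tls-client`, and never edits inline `<ca>`/`<cert>`/`<key>` blocks.

```shell
#!/bin/sh
# Added example (not from the original post).
# strip_pull FILE: print FILE with a bare "pull" directive removed, but only
# when the config declares neither "client" nor "tls-client".
# In OpenVPN, "client" is shorthand for "pull" plus "tls-client", so a file
# that already has either of those is left exactly as exported.
strip_pull() {
    awk '
        FNR == 1 { inblock = 0 }
        { line = $0; sub(/\r$/, "", line) }   # tolerate CRLF exports
        # Inline blocks (<ca>, <cert>, <key>, <tls-auth>) are never edited.
        line ~ /^<\/[a-z0-9-]+>[ \t]*$/ { inblock = 0; if (NR != FNR) print; next }
        line ~ /^<[a-z0-9-]+>[ \t]*$/   { inblock = 1; if (NR != FNR) print; next }
        NR == FNR {
            # Pass 1: does the config already select TLS client mode?
            if (!inblock && line ~ /^[ \t]*(client|tls-client)[ \t]*$/) tls = 1
            next
        }
        # Pass 2: drop the bare directive; "pull-filter ..." does not match.
        !inblock && !tls && line ~ /^[ \t]*pull[ \t]*$/ { next }
        { print }
    ' "$1" "$1"   # the file is read twice: once to inspect, once to emit
}

# Usage (hypothetical file names):
#   sh strip_pull.sh exported.ovpn > edgerouter.ovpn
if [ "$#" -gt 0 ]; then
    strip_pull "$1"
fi
```

Compare the output with the exported file using `diff` before copying it to the router, so that the only change is the removed line.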
From the EdgeRouter config, do:
# configure
# set interfaces openvpn vtun0 config-file /config/
# commit
# save
- Log files in EdgeOS are in the
- I manually added a push route command to the client config file
push "route 192.168.3.0 255.255.255.0"
- EdgeOS 2.x uses OpenVPN 1.2.4, as does pfSense 2.4.x
- Tunnel status is at:
- To update, delete the interface and re-create. Delete with
delete interfaces openvpn vtun0